mod_session_cookie: Make sure that cookie attributes are correctly

author Graham Leggett <minfrin@apache.org>

Fri, 29 Aug 2008 21:49:27 +0000 (21:49 +0000)

committer Graham Leggett <minfrin@apache.org>

Fri, 29 Aug 2008 21:49:27 +0000 (21:49 +0000)
author Graham Leggett <minfrin@apache.org>
Fri, 29 Aug 2008 21:49:27 +0000 (21:49 +0000)
committer Graham Leggett <minfrin@apache.org>
Fri, 29 Aug 2008 21:49:27 +0000 (21:49 +0000)
diff --git a/CHANGES b/CHANGES

index 1c4902ed92e05f79108b1ddc40bc6d3705e108e4..e9f636bb21bc66a4b447d4339c6419babac62ebd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
  Changes with Apache 2.3.0
  [ When backported to 2.2.x, remove entry from this file ]
  
+  *) mod_session_cookie: Make sure that cookie attributes are correctly
+     included in the blank cookie when cookies are removed. This fixes an
+     inability to log out when using mod_auth_form. [Graham Leggett]
+
    *) mod_autoindex: add configuration option to insert string
       in HTML HEAD. [Nick Kew]
  
diff --git a/include/util_cookies.h b/include/util_cookies.h

index c01b5f4436d102eb9c2a2d2f29a18c007379e448..eb7dfbfc73189a7f0431c2bdc8281feb79e894fa 100644 (file)
--- a/include/util_cookies.h
+++ b/include/util_cookies.h
@@ -82,16 +82,20 @@ AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, co
   *
   * @param r The request
   * @param name The name of the cookie.
+ * @param attrs The string containing additional cookie attributes. If NULL, the
+ *              CLEAR_ATTRS will be used.
   */
-AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name);
+AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs);
  
  /**
   * Remove an RFC2965 compliant cookie.
   *
   * @param r The request
   * @param name2 The name of the cookie.
+ * @param attrs2 The string containing additional cookie attributes. If NULL, the
+ *               CLEAR_ATTRS will be used.
   */
-AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2);
+AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char *attrs2);
  
  /**
   * Read a cookie called name, placing its value in val.
diff --git a/modules/session/mod_session_cookie.c b/modules/session/mod_session_cookie.c

index 6374c69791bb736e238b0f05faae6c1de816bc7e..d8894f641bc3cae2ebe3c727ae98b9b37c6a990e 100644 (file)
--- a/modules/session/mod_session_cookie.c
+++ b/modules/session/mod_session_cookie.c
@@ -70,7 +70,7 @@ static int session_cookie_save(request_rec * r, session_rec * z)
              ap_cookie_write(r, conf->name, z->encoded, conf->name_attrs, z->maxage);
          }
          else {
-            ap_cookie_remove(r, conf->name);
+            ap_cookie_remove(r, conf->name, conf->name_attrs);
          }
      }
  
@@ -80,7 +80,7 @@ static int session_cookie_save(request_rec * r, session_rec * z)
              ap_cookie_write2(r, conf->name2, z->encoded, conf->name2_attrs, z->maxage);
          }
          else {
-            ap_cookie_remove2(r, conf->name2);
+            ap_cookie_remove2(r, conf->name2, conf->name2_attrs);
          }
      }
  
diff --git a/server/util_cookies.c b/server/util_cookies.c

index 45ff8dad90f9180995b44f2c05c13e9a987f9595..20aa5d02b501972b0a090e8c7ea279a48ecc0c3d 100644 (file)
--- a/server/util_cookies.c
+++ b/server/util_cookies.c
@@ -99,12 +99,12 @@ AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, co
   * @param r The request
   * @param name The name of the cookie.
   */
-AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name)
+AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs)
  {
  
      /* create RFC2109 compliant cookie */
      char *rfc2109 = apr_pstrcat(r->pool, name, "=;",
-                                CLEAR_ATTRS, NULL);
+                                attrs ? attrs : CLEAR_ATTRS, NULL);
      ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX
                    "user '%s' removed cookie: '%s'", r->user, rfc2109);
      apr_table_addn(r->headers_out, SET_COOKIE, rfc2109);
@@ -119,12 +119,12 @@ AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name)
   * @param r The request
   * @param name2 The name of the cookie.
   */
-AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2)
+AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char *attrs2)
  {
  
      /* create RFC2965 compliant cookie */
      char *rfc2965 = apr_pstrcat(r->pool, name2, "=;",
-                                CLEAR_ATTRS, NULL);
+                                attrs2 ? attrs2 : CLEAR_ATTRS, NULL);
      ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX
                    "user '%s' removed cookie2: '%s'", r->user, rfc2965);
      apr_table_addn(r->headers_out, SET_COOKIE2, rfc2965);
author	Graham Leggett <minfrin@apache.org>
	Fri, 29 Aug 2008 21:49:27 +0000 (21:49 +0000)
committer	Graham Leggett <minfrin@apache.org>
	Fri, 29 Aug 2008 21:49:27 +0000 (21:49 +0000)
CHANGES		patch \| blob \| history
include/util_cookies.h		patch \| blob \| history
modules/session/mod_session_cookie.c		patch \| blob \| history
server/util_cookies.c		patch \| blob \| history