From: Graham Leggett Date: Fri, 29 Aug 2008 21:49:27 +0000 (+0000) Subject: mod_session_cookie: Make sure that cookie attributes are correctly X-Git-Tag: 2.3.0~331 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ec83e8b1b4000ced0cccfd74332065d273231c8;p=apache mod_session_cookie: Make sure that cookie attributes are correctly included in the blank cookie when cookies are removed. This fixes an inability to log out when using mod_auth_form. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@690400 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 1c4902ed92..e9f636bb21 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) mod_session_cookie: Make sure that cookie attributes are correctly + included in the blank cookie when cookies are removed. This fixes an + inability to log out when using mod_auth_form. [Graham Leggett] + *) mod_autoindex: add configuration option to insert string in HTML HEAD. [Nick Kew] diff --git a/include/util_cookies.h b/include/util_cookies.h index c01b5f4436..eb7dfbfc73 100644 --- a/include/util_cookies.h +++ b/include/util_cookies.h @@ -82,16 +82,20 @@ AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, co * * @param r The request * @param name The name of the cookie. + * @param attrs The string containing additional cookie attributes. If NULL, the + * CLEAR_ATTRS will be used. */ -AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name); +AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs); /** * Remove an RFC2965 compliant cookie. * * @param r The request * @param name2 The name of the cookie. + * @param attrs2 The string containing additional cookie attributes. If NULL, the + * CLEAR_ATTRS will be used. */ -AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2); +AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char *attrs2); /** * Read a cookie called name, placing its value in val. diff --git a/modules/session/mod_session_cookie.c b/modules/session/mod_session_cookie.c index 6374c69791..d8894f641b 100644 --- a/modules/session/mod_session_cookie.c +++ b/modules/session/mod_session_cookie.c @@ -70,7 +70,7 @@ static int session_cookie_save(request_rec * r, session_rec * z) ap_cookie_write(r, conf->name, z->encoded, conf->name_attrs, z->maxage); } else { - ap_cookie_remove(r, conf->name); + ap_cookie_remove(r, conf->name, conf->name_attrs); } } @@ -80,7 +80,7 @@ static int session_cookie_save(request_rec * r, session_rec * z) ap_cookie_write2(r, conf->name2, z->encoded, conf->name2_attrs, z->maxage); } else { - ap_cookie_remove2(r, conf->name2); + ap_cookie_remove2(r, conf->name2, conf->name2_attrs); } } diff --git a/server/util_cookies.c b/server/util_cookies.c index 45ff8dad90..20aa5d02b5 100644 --- a/server/util_cookies.c +++ b/server/util_cookies.c @@ -99,12 +99,12 @@ AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, co * @param r The request * @param name The name of the cookie. */ -AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name) +AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs) { /* create RFC2109 compliant cookie */ char *rfc2109 = apr_pstrcat(r->pool, name, "=;", - CLEAR_ATTRS, NULL); + attrs ? attrs : CLEAR_ATTRS, NULL); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX "user '%s' removed cookie: '%s'", r->user, rfc2109); apr_table_addn(r->headers_out, SET_COOKIE, rfc2109); @@ -119,12 +119,12 @@ AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name) * @param r The request * @param name2 The name of the cookie. */ -AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2) +AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char *attrs2) { /* create RFC2965 compliant cookie */ char *rfc2965 = apr_pstrcat(r->pool, name2, "=;", - CLEAR_ATTRS, NULL); + attrs2 ? attrs2 : CLEAR_ATTRS, NULL); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX "user '%s' removed cookie2: '%s'", r->user, rfc2965); apr_table_addn(r->headers_out, SET_COOKIE2, rfc2965);