From 0d9b5c81a5bcf670283f562d9428f1f56a5e7d2d Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Sun, 13 Oct 2013 12:27:54 +0000 Subject: [PATCH] mod_session: After parsing the value of the header specified by the SessionHeader directive, remove the value from the response. PR 55279. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531679 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/session/mod_session.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/CHANGES b/CHANGES index e5bad54100..0c583f9e14 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_session: After parsing the value of the header specified by the + SessionHeader directive, remove the value from the response. PR 55279. + [Graham Leggett] + *) mod_auth_form: Make sure the optional functions are loaded even when the AuthFormProvider isn't specified. [Graham Leggett] diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c index 7213eb3c8e..5a8ca4d8cb 100644 --- a/modules/session/mod_session.c +++ b/modules/session/mod_session.c @@ -443,6 +443,8 @@ static apr_status_t session_output_filter(ap_filter_t * f, override = apr_table_get(r->headers_out, conf->header); } if (override) { + apr_table_unset(r->err_headers_out, conf->header); + apr_table_unset(r->headers_out, conf->header); z->encoded = override; z->dirty = 1; session_identity_decode(r, z); -- 2.40.0