httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arkadiusz Miśkiewicz <ar...@maven.pl>
Subject [users@httpd] make mod_cache not cache cookies but cache contents from application side
Date Fri, 30 Oct 2009 19:57:38 GMT

Hi,

Is there a way to forbid caching cookies from application level (let say php 
or mod_perl level) by mod_cache? I know method via apache config but trying 
to find one via application level. Of course I would like the rest (bodies) 
to be actually cached but not cookies itself.

mod_cache from 2.2.14 is doing crazy things like leaking user A cookie to 
the user B which for me is serious security issue.

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message