Checked them and limits are set to 8Kb and looking at the header
sizes they don't exceed that.

I did some other testing however and I don't think we are going
to like this...

I put back an old libproxy.so from our (working) version shipped
with apache 1.3.12 into apache 1.3.26. And when I sniff the whole
kit'n kaboodle again I don't see the cookie duplication! If I put
back the version of 1.3.26, I DO see cookie duplication!

Does anybody know what might cause this ? I know siteminder depends
on a patch which inserts an ap_overlay_tables() statement which
is already in the version of 1.3.26. Has something been changed in
relation to passing headers to other modules ? Might this statement
now be causing headers to be added twice ?

Martijn Schoemaker

Dirk-Willem van Gulik wrote:

Be aware that it *is* possible to get SM to produce a cookie sooooo big
that it hits the 1024 (or whatever) single MIME line length limit of
apache. See

        LimitRequestLine (http_core.c)
        LimitRequestFieldsize (http_core.c)

and friends for more info.


On Thu, 29 Aug 2002, Martijn Schoemaker wrote:

> Hi,
> We use SM 4.51 and not yet the QMR4 web-agent. Will install
> and try this out right away. In any case, this does not seem
> to be a mod_proxy problem anyway. I did some more checking
> and the browser problems are probably caused by the Set-Cookie
> headers which are set multiple times. Also, the Cookies themselves
> for the user that works are smaller than the ones for
> the user that doesn't work and this prolly gives strange effects
> in IE (who would have guessed ? :))
> Anyway, this seems more like a SM/Cookie/RFC issue and has no
> further relation with mod_proxy.
> Thanks all who replied for the input, and if insights change
> y'all will hear from me :)
> Greetings,
> Martijn Schoemaker
> P.S.: Does anyone know a browser-like test tool which handles
>       SSL and shows the actual data including headers ? I might
>       even build one myself, since debugging these issues is
>       now quite a pain in the *ss. I know there is an SSL capable
>       wget, but it's pretty irritating with cookies etc.
> "Foust, Adam G." wrote:
> > We are beginning an Apache 1.3.26 reverse-proxy setup with SiteMinder. I have
> > not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61
> > with the QMR4 apache webagent. I've observed some strange URL rewriting
> > issues involved with multi-domain sign-on and using cookie providers, but
> > nothing that can't be worked around.
> >
> > Our setup is basically apache reverse-proxies (mod_proxy) behind F5
> > load-balancers. The reverse-proxies chain through intermediate firewalls
> > through another (forward) mod_proxy to backend DMZ servers.
> >
> > I have been tracing HTTP headers and have not yet seen the behavior you
> > describe. Are you running SiteMinder 5.0?
> >
> --
> You have reached the end of the message.
> Press [t] to go to the top of this message, or [c] to close it.

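
The header check discussed in this thread, as an added example that is not part of the original messages: it parses a captured response head, reports Set-Cookie lines that appear more than once, and estimates whether the Cookie header a browser would send back exceeds LimitRequestFieldsize. The captures and the cookie name SESSIONCOOKIE are constructed, and 8190 bytes is Apache's default for that directive, to be adjusted to the configured value.

```python
from collections import Counter

FIELD_LIMIT = 8190  # Apache's default LimitRequestFieldsize, in bytes

def parse_headers(raw: bytes):
    """Return lower-cased (name, value) pairs from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:            # skip the status line
        if line[:1] in (" ", "\t") and pairs:      # folded continuation line
            pairs[-1] = (pairs[-1][0], pairs[-1][1] + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_set_cookie(raw: bytes, limit: int = FIELD_LIMIT):
    """Flag cookies set more than once and estimate the Cookie request
    header a browser would send back (one value per cookie name)."""
    cookies = [v for n, v in parse_headers(raw) if n == "set-cookie"]
    names = [c.split("=", 1)[0].strip() for c in cookies]
    jar = {}                                       # last value per name wins
    for name, c in zip(names, cookies):
        jar[name] = c.split(";", 1)[0].strip()     # attributes are not echoed
    cookie_line = "Cookie: " + "; ".join(jar.values())
    return {
        "repeated_names": sorted(n for n, k in Counter(names).items() if k > 1),
        "identical_lines": sum(k - 1 for k in Counter(cookies).values()),
        "cookie_header_bytes": len(cookie_line),
        "over_limit": len(cookie_line) > limit,
    }

# Constructed captures; SESSIONCOOKIE is a placeholder name, not a real one.
def capture(value_len: int, copies: int) -> bytes:
    line = "Set-Cookie: SESSIONCOOKIE=" + "A" * value_len + "; path=/\r\n"
    return ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            + line * copies + "\r\n").encode("latin-1")

if __name__ == "__main__":
    for label, raw in (("single", capture(3000, 1)), ("doubled", capture(3000, 2)),
                       ("oversized", capture(9000, 1))):
        print(label, audit_set_cookie(raw))
```

Running it on captures taken with each libproxy.so build makes the difference between the two responses explicit instead of relying on reading the sniffer output by eye.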