[Zope-CMF] CMF and Latest Apache
Tres Seaver
tseaver@zope.com
12 Jul 2002 14:57:27 -0400
On Fri, 2002-07-12 at 14:40, Yury German wrote:
> I know before that CMF had a problem working with Apache through rewrites.
>
> Has anything changed in the last few weeks or months since there were a
> few security bugs released against Apache?
> Can the latest CMF properly authenticate through Apache rewrite to the
> local system?

The problem was that Apache 1.3.23 and later were stripping multiple
cookies set by the origin server, which meant that the CookieCrumbler's
authentication cookie was being dropped on the floor.

I haven't checked whether the latest Apache has fixed the bug. The
release page for 1.3.26 seems to claim that it was fixed:

http://www.apache.org/dist/httpd/Announcement.html

  * A large number of fixes in mod_proxy including: adding support
    for dechunking chunked responses, correcting a timeout problem
    which would force long or slow POST requests to close after 300
    seconds, adding "X-Forwarded" headers, ***dealing correctly with
    the multiple-cookie header bug,*** ability to handle unexpected
    100-continue responses sent during PUT or POST commands, and a
    change to tighten up the Server header overwrite bugfix.

Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
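
A way to check for the symptom described in the message above, as an added example that is not part of the original post or of the CMF or Apache code: compare the Set-Cookie headers in a response captured directly from the origin server with the same response captured through the proxy. The raw responses, the cookie values, the tree-s cookie and the use of __ac as the authentication cookie name are constructed assumptions for the illustration.

```python
import io
from http.client import parse_headers


def set_cookie_names(raw_response):
    """Return the cookie name from every Set-Cookie header, in order."""
    fp = io.BytesIO(raw_response)
    fp.readline()                      # skip the status line
    headers = parse_headers(fp)        # reads up to the blank line
    values = headers.get_all("Set-Cookie") or []
    return [v.split("=", 1)[0].strip() for v in values]


def dropped_cookies(origin_raw, proxied_raw):
    """Cookies the origin set that did not survive the proxy."""
    survived = set(set_cookie_names(proxied_raw))
    return [n for n in set_cookie_names(origin_raw) if n not in survived]


# Constructed sample: what the origin server sends after a login
# (two Set-Cookie headers; __ac is assumed to be the auth cookie).
ORIGIN = (
    b"HTTP/1.0 200 OK\r\n"
    b"Server: Zope\r\n"
    b'Set-Cookie: tree-s="constructed"; Path=/\r\n'
    b'Set-Cookie: __ac="constructed-placeholder"; Path=/\r\n'
    b"Content-Length: 0\r\n\r\n"
)

# Constructed sample: the same response as seen behind a proxy that
# forwards only one of the Set-Cookie headers.
VIA_AFFECTED_PROXY = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Zope\r\n"
    b'Set-Cookie: tree-s="constructed"; Path=/\r\n'
    b"Content-Length: 0\r\n\r\n"
)

# Constructed sample: a proxy that passes every header through.
VIA_FIXED_PROXY = ORIGIN.replace(b"HTTP/1.0", b"HTTP/1.1")

if __name__ == "__main__":
    print("affected proxy dropped:", dropped_cookies(ORIGIN, VIA_AFFECTED_PROXY))
    print("fixed proxy dropped:   ", dropped_cookies(ORIGIN, VIA_FIXED_PROXY))
```
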