News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Set-Cookie: header is incorrect

Started by bbeaulieu, October 10, 2007, 02:11:19 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

bbeaulieu

October 10, 2007, 02:11:19 PM Last Edit: December 22, 2007, 11:39:43 PM by SleePy
Hello,

It appears that in Display.php, line 1035, header('Set-Cookie:'); is not RFC compliant.  I wouldn't really care except we have front end load balancers that do!  When the load balancer receives this Set-Cookie: header without a value, it assumes a bad response and doesn't forward the response to the client.  This is specific to downloading attachments.  Version 1.1.2.

I've commented this out to fix my issue... but I'm sure my change will be lost during a future upgrade.  I thought you should know
about this since I spent quite a bit of time tracking it down.

According to RFC 2109, Section 4.2.2, the NAME=VALUE pair provided after the Set-Cookie: header is required.

Brian

SleePy

#1
October 10, 2007, 04:02:10 PM
Well I am not to good at RFCs and understanding them.
I will just add this to the bug tracker and let the developers decide.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

nitins60

#2
October 11, 2007, 09:55:58 AM
Moreover SMF doesn't send attachment download headers properly :(
Print
Go Up Pages1
User actions
Advertisement: