mod_session: After parsing the value of the header specified by the

SessionHeader directive, remove the value from the response. PR 55279. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531679 13f79535-47bb-0310-9956-ffa450edef68
2026-01-06 09:01:14 +03:00 · 2013-10-13 12:27:54 +00:00
parent 6330b052dd
commit 0d9b5c81a5
2 changed files with 6 additions and 0 deletions
--- a/4
+++ b/4
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.5.0

+  *) mod_session: After parsing the value of the header specified by the
+     SessionHeader directive, remove the value from the response. PR 55279.
+     [Graham Leggett]
+
  *) mod_auth_form: Make sure the optional functions are loaded even when
     the AuthFormProvider isn't specified. [Graham Leggett]

--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -443,6 +443,8 @@ static apr_status_t session_output_filter(ap_filter_t * f,
                override = apr_table_get(r->headers_out, conf->header);
            }
            if (override) {
+                apr_table_unset(r->err_headers_out, conf->header);
+                apr_table_unset(r->headers_out, conf->header);
                z->encoded = override;
                z->dirty = 1;
                session_identity_decode(r, z);