Ok. If you want i can send you a patch adding SecCookieV0Separator. Then you can force ";" (default)

On Wed, Jan 30, 2013 at 9:42 AM, Luca <superpizza@bigfoot.com> wrote:
Breno Silva <breno.silva <at> gmail.com> writes:
>
> Hello Luca,Looks like comma is not allowed in cookie value. Do you have
control of your application and maybe encode it ?Maybe i need to add a new
directive SecCookieV0Separator for this situations.Could you send me send the
cookie string ? I'd like to see.ThanksBreno


Hi Breno.
Unfortunately I do not have any control on the cookie value.
The cookie is set by an external provider and my modsec installation
is just a reverse proxy sitting in front of them.
Here's one such cookie example:

cookie=
{\"Description\":\"DAXglobalB\",\"MarketName\":\"London\",\"ETFGeo\":\"Country

Basically they set a json value. Cookie value can get pretty long.

Txs, Luca



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/