Ok. If you want i can send you a patch adding SecCookieV0Separator. Then you can force ";" (default)

On Wed, Jan 30, 2013 at 9:42 AM, Luca <superpizza@bigfoot.com> wrote:
Breno Silva <breno.silva <at> gmail.com> writes:
> Hello Luca,Looks like comma is not allowed in cookie value. Do you have
control of your application and maybe encode it ?Maybe i need to add a new
directive SecCookieV0Separator for this situations.Could you send me send the
cookie string ? I'd like to see.ThanksBreno

Hi Breno.
Unfortunately I do not have any control on the cookie value.
The cookie is set by an external provider and my modsec installation
is just a reverse proxy sitting in front of them.
Here's one such cookie example:


Basically they set a json value. Cookie value can get pretty long.

Txs, Luca

Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: