Thread: [mod-security-users] Invalid cookie format error, why?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

With:

   SecFilterCheckCookieFormat On

we are seeing the following error:

 Cookie: DYN_CAL='fdow':null,'history':"2005/02/21/19/23",'hsize':9
 mod_security-message: Invalid cookie format: Cookie value is missing #1
 mod_security-action: 500

However, looking at the module code, it seems like the "=" isn't being
matched, but I can't really tell why:

  p = header_copy;
    while(*p != 0) {
        attr_name = NULL;
        attr_value = NULL;

        /* attribute name */
        while(isspace(*p)) p++;
        attr_name = p;
        while((*p != 0)&&(*p != '=')) p++;

        if (*p == 0) {
            /* we've reached the end of the string,
             * and the attribute value is missing
             */
            *error_msg = ap_psprintf(r->pool, "Cookie value is missing #1");
            return -1;
        }

Any hints?

Thanks,
Adi