This issue (https://bz.apache.org/bugzilla/show_bug.cgi?id=55278) has been open for 11 years
mod_session sends duplicate Set-Cookie headers, and it also sends set-cookie on every single request, despite session ID not changing once
It's sad to see issues like this go on so long with zero attention
Anyone got any suggestions on how to get it fixed? I have also tried the latest builds from ApacheLounge and this issue is present there too
:(
A most basic configuration to reproduce the issue
ServerRoot "C:/Apache24"
Listen 80
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule session_module modules/mod_session.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule dir_module modules/mod_dir.so
<Directory />
AllowOverride none
Require all denied
</Directory>
DBDriver odbc
DBDParams "odbc_connection_string"
DBDKeep 10
DBDMax 10
DBDMin 3
DBDPrepareSQL "select value from sessions where token = %s and (expiry = 0 or expiry > %lld)" selectsession
DBDPrepareSQL "delete from sessions where token = %s" deletesession
DBDPrepareSQL "insert into sessions (value, expiry, token) values (%s, %lld, %s)" insertsession
DBDPrepareSQL "update sessions set value = %s, expiry = %lld, token = %s where token = %s" updatesession
DBDPrepareSQL "delete from sessions where expiry != 0 and expiry < %lld" cleansession
DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
Require all granted
Session On
SessionDBDCookieName test path=/
SessionMaxAge 604800
SessionEnv on
SessionHeader X-Replace-Session
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>