* Allow to unset cookies via negative lifetime values

rpluem · rpluem · commit 3af0d142f116 · 2025-02-11T10:29:03.000Z
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1923725 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/changes-entries/mod_rewrite_unset_cookie.txt b/changes-entries/mod_rewrite_unset_cookie.txt
@@ -0,0 +1 @@
+  *) mod_rewrite: Allow to unset cookies in the browser. [Ruediger Pluem]
diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml
@@ -223,6 +223,7 @@ security model.</dd>
 <dd>A value of 0 indicates that the cookie will persist only for the
 current browser session. This is the default value if none is
 specified.</dd>
+<dd>A negative value causes the cookie to be unset in the browser.</dd>
 
 <dt>Path</dt>
 <dd>The path, on the current website, for which the cookie is valid,
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
@@ -2758,7 +2758,7 @@ static void add_cookie(request_rec *r, char *s)
                 long exp_min;
 
                 exp_min = atol(expires);
-                if (exp_min) {
+                if (exp_min > 0) {
                     apr_time_exp_gmt(&tms, r->request_time
                                      + apr_time_from_sec((60 * exp_min)));
                     exp_time = apr_psprintf(r->pool, "%s, %.2d-%s-%.4d "
@@ -2769,6 +2769,9 @@ static void add_cookie(request_rec *r, char *s)
                                            tms.tm_year+1900,
                                            tms.tm_hour, tms.tm_min, tms.tm_sec);
                 }
+                else if (exp_min < 0) {
+                    exp_time = "Thu, 01 Jan 1970 00:00:00 GMT";
+                }
             }
 
             cookie = apr_pstrcat(rmain->pool,

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ *) mod_rewrite: Allow to unset cookies in the browser. [Ruediger Pluem]`