
Apache 2.4 Can't Header Unset mod_session_dbd Set-Cookie


Apache 2.4, using mod_session{,_dbd,_crypto}.
Something (SessionDBDCookieName?) adds Set-Cookie to most/all responses.

I can Header (always) unset in LocationMatch, to remove Set-Cookie on anything but / :

  <LocationMatch "^/.+">
    Header        unset "Set-Cookie"
    Header always unset "Set-Cookie"
  </LocationMatch>

But can't for the life of me unset Set-Cookie header on non-200 responses.
Set-Cookie header does not get removed whether inside any Location(Match) or out, whether Late mode or Early.
Tried stuff with mod_rewrite, SetEnvIf, Header merge/edit/set/unset - all without success.
Still need session checking on sub-paths, just can't send Set-Cookie on anything but /, so I can't just put SessionDBDCookieName in select LocationMatch blocks.
Only thing I can think of is proxying Apache through itself to force the removal of this header, but not ideal ...

How can I unset the Set-Cookie added by mod_session(_dbd?) on 3xx, 4xx, etc. ?
