Thx a lot Joshua for your quick reply. We did some debugging. SiteMinder indeed returned all SiteMinder headers( Cookies and SessionID), but some how Apache in the front stripped them off and return 304. We did not implement cache, I don't know why it has if-modify-since in the header and return 304? Do you know why? Q.Xie --- Joshua Slive <joshua@xxxxxxxx> wrote: > On 7/5/06, Qingshan Xie <xieq_49@xxxxxxxxx> wrote: > > Thanks Joshua. > > > > We are using SiteMinder for > > Authentication/Authorization, and Single-Sign-On. > The > > missing part of the headers is SiteMinder > SessionID > > and Cookies, which causes the Single-Sign-On > failed. > > Is there any way to append those headers back when > > Apache throws 304? Can we use mod_header or > > mod_setenvif to do it? > > No, I don't believe so. The 304 processing happens > at the protocol > stage, after all the content stuff has already been > done. You may be > able to turn off 304 responses entirely with > something like > RequestHeader unset If-Modified-Since > RequestHeader unset If-None-Match > But this will obviously have some nasty effects on > resource usage. > > It seems like SiteMinder is broken if it requires > the server to > violate the HTTP/1.1 protocol, so you should > probably take this up > with CA. > > Joshua. > > --------------------------------------------------------------------- > The official User-To-User support forum of the > Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for > more info. > To unsubscribe, e-mail: > users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: > users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: > users-help@xxxxxxxxxxxxxxxx > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx