Description
There is a typo in HttpSessionManger
(ats_ip_addr_eq(&s->server_ip.sa, addr) && ats_ip_port_cast(addr) == ats_ip_port_cast(addr)))
The fix would be
- (ats_ip_addr_eq(&s->server_ip.sa, addr) && ats_ip_port_cast(addr) == ats_ip_port_cast(addr))) + (ats_ip_addr_eq(&s->server_ip.sa, addr) && ats_ip_port_cast(&s->server_ip.sa) == ats_ip_port_cast(addr)))
This typo skip the port check, so if requests to same origin server would use one same session even though different port.
Which would cause ATS-5.0 reuse wrong session to origin.