Hi all,
I've found what seems to be a problem with Cookies in mp2. The gist is that if you return FORBIDDEN after setting your cookie header, the header is not sent properly.
When I do:
$cookie = 'foo=bar'; $location = 'http::/my.domain.com/new/path'; $r->err_headers_out->{'Set-Cookie'} = $cookie; $r->err_headers_out->{'Location'} = $location; return Apache::HTTP_MOVED_TEMPORARILY;
Then the cookie is present on the incoming request in $ENV{HTTP_COOKIE}, visible in $r->as_string as 'Cookie: foo=bar', and accessible through $r->headers_in{'Cookie'}, all as expected.
But if I do:
# httpd.conf ErrorDocument 403 /new/path
$cookie = 'foo=bar'; $r->err_headers_out->{'Set-Cookie'} = $cookie; return Apache::FORBIDDEN;
Then in the iincoming request $ENV{HTTP_COOKIE} is unset, and the _incoming_ header is the wrong one, shown by $r->as_string: 'Set-Cookie: foo=bar' instead of 'Cookie: foo=bar'.
Why do you look at the incoming headers of the next request, instead of the outgoing headers of the current response? You can't debug like that. What if Apache decides to send the header as: 'Set-Cookie: Set-Cookie: foo=bar'? Than the incoming header will make a perfect sense.
I'm going to work around this by returning a 302, but I think the behavior is problematic for Auth schemes. I looked for the t/apache/cookie.t test to monkey with but it's gone in the latest cvs tarball.
Of course you can't find it -- this test was never committed ;)
__________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
