On Mon, 17 Mar 2003, Stas Bekman wrote:
> Nick Tonkin wrote:
> > Hi all,
> >
> > I've found what seems to be a problem with Cookies in mp2. The gist is
> > that if you return FORBIDDEN after setting your cookie header, the header
> > is not sent properly.
> >
> > When I do:
> >
> > $cookie = 'foo=bar';
> > $location = 'http::/my.domain.com/new/path';
> > $r->err_headers_out->{'Set-Cookie'} = $cookie;
> > $r->err_headers_out->{'Location'} = $location;
> > return Apache::HTTP_MOVED_TEMPORARILY;
> >
> > Then the cookie is present on the incoming request in $ENV{HTTP_COOKIE},
> > visible in $r->as_string as 'Cookie: foo=bar', and accessible through
> > $r->headers_in{'Cookie'}, all as expected.
> >
> > But if I do:
> >
> > # httpd.conf
> > ErrorDocument 403 /new/path
> >
> > $cookie = 'foo=bar';
> > $r->err_headers_out->{'Set-Cookie'} = $cookie;
> > return Apache::FORBIDDEN;
> >
> > Then in the iincoming request $ENV{HTTP_COOKIE} is unset, and the
> > _incoming_ header is the wrong one, shown by $r->as_string: 'Set-Cookie:
> > foo=bar' instead of 'Cookie: foo=bar'.
>
> Why do you look at the incoming headers of the next request, instead of the
> outgoing headers of the current response? You can't debug like that. What if
> Apache decides to send the header as: 'Set-Cookie: Set-Cookie: foo=bar'? Than
> the incoming header will make a perfect sense.
Stas:
It looks like you didn't read my post very carefully before replying very
quickly.
I *do* check the outgoing headers! I didn't post all the debug output
here since you always say to only post the relevant bits. Irrespective of
return status the outgoing header is: Set-Cookie: foo=bar
Your example is spurious: I didn't say the Cookie header was mangled (with
'Set-Cookie: ' prepended). I said that when I return 403 the Cookie header
is not present, the HTTP_COOKIE environment variable is unset, and the
Set-Cookie header is present when it should not be.
Why don't you try it instead of trying to convince me that I can't debug
and nothing is wrong?
Here is more detailed debug info:
[19846] Access::handler err_headers_out: [
$VAR1 = bless( {
'Set-Cookie' =>
'remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%3A8443%2Findex.html;
domain=wm.tonkinresolutions.com; path=/'
}, 'APR::Table' );
]; returning FORBIDDEN
[19846] Entering Access::handler with $r->as_string [
GET /index.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
Accept-Language: en-us, en-us
Accept-Encoding: gzip, deflate, gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Host: wm.tonkinresolutions.com:8443
Connection: Keep-Alive
HTTP/1.1 (null)
Set-Cookie:
remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%3A8443%2Findex.html;
domain=wm.tonkinresolutions.com; path=/
] # end $r->as_string
ENV COOKIE:[] HTTP_COOKIE:[]
=======
[19872] Access::handler err_headers_out: [
$VAR1 = bless( {
'Set-Cookie' =>
'remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%3A8443%2Findex.html;
domain=wm.tonkinresolutions.com; path=/',
'Location' => 'https://wm.tonkinresolutions.com:8443/authenticate'
}, 'APR::Table' );
]; returning HTTP_MOVED_TEMPORARILY
[19872] Entering Access::handler with $r->as_string [
GET /authenticate HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
Accept-Language: en-us, en-us
Accept-Encoding: gzip, deflate, gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Host: wm.tonkinresolutions.com:8443
Connection: Keep-Alive
Cookie:
remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%3A8443%2Findex.html
HTTP/1.1 (null)
] # end $r->as_string
ENV COOKIE:[]
HTTP_COOKIE:[remembered_uri=https%3A%2F%2Fwm.tonkinresolutions.com%3A8443%2Findex.html]
- nick
--
~~~~~~~~~~~~~~~~~~~~
Nick Tonkin {|8^)>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
