On Mon, 30 Apr 2001, will trillich wrote:
> Date: Mon, 30 Apr 2001 14:31:02 -0500
> From: will trillich <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: forbidden vs. cookie
>
> i could really use some dumbed-down tips on setting cookies
> during a redirect. boy, this is really getting to me.
>
> using apache 1.3.9 on debian 2.2/potato
>
> in trying to implement the concept of the Apache::Ticket*.pm
> modules from the Apache Modules (eagle) book in chapter 6
> (on pages 304+) i'm running into browser compatibility problems.
> SOME browsers (differs among platforms, too) see the forbidden or
> redirect codes and take action immediately, ignoring any
> set-cookie headers that are also sent.
>
> as a workaround, i was trying to change TicketAccess.pm to
>
> # the munged version trying to accommodate rude browsers:
> package Apache::TicketAccess;
>
> use strict;
> use Apache::Constants qw(OK FORBIDDEN REDIRECT);
> use Apache::TicketTool ();
>
> sub handler {
>     my $r = shift;
>     my $ticketTool = Apache::TicketTool->new($r);
>     my($result, $msg) = $ticketTool->verify_ticket($r);
>     unless ($result) {
>         $r->log_reason($msg, $r->filename);
>         my $cookie = $ticketTool->make_return_address($r);
>
>         #the original code that works for SOME browsers:
>         # $r->err_headers_out->add('Set-Cookie' => $cookie);
>         # return FORBIDDEN;
>
>         my $login_uri = $r->dir_config("TicketLogin");
>
>         # as AccessHandler, this was very much a bad idea:
>         # use CGI '-autoload';
>         # print
>         #   header(-refresh => "1; URL=$login_uri", -cookie => $cookie),
>         #   start_html(-title => 'Redirecting to login', -bgcolor => 'white'),
>         #   h1('Gotta log in, first'),
>         #   p("You're being redirected to ",
>         #     a({-href=>$login_uri},$login_uri),
>         #     " in just a moment."),
>         #   h2("Please stand by..."),
>         #   end_html();
>         # return OK;
>         # it does manage to redirect the browser but there's lots
>         # of duplicated headers and garbage (plus just hitting the
>         # BACK button bypassed the need to log in)
>
>         # this don't work so not, neither:
>         $r->header_out(-cookie=>$cookie);
>         $r->header_out(-location=>$login_uri);
>         return REDIRECT;
>         # neither header is sent.
>
>     }
>     return OK;
> }
>
> 1;
> __END__
>
> i've spent hours flipping back and forth from the index to the
> text, slapping postit notes on every other page, scanning
> Apache::*.pm source code -- and it's still not sinking in... a
> little help would be appreciated!
>
> AAUGH!
Will,
Here is some code I've used in the past in a mod_perl app to set a
cookie and do a redirect at the same time. I believe it works for
most browsers -- or at least this code has been working for over a
year and I haven't heard too many complaints about this piece (that I
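can think of).

    use Apache::Constants qw(OK REDIRECT M_GET);
    use Apache::Cookie ();

    # $apr is the request object obtained earlier in the handler
    my $cookie = Apache::Cookie->new($apr,
        -name    => 'foo',
        -value   => 'bar',
        -expires => '+30m',
        -domain  => '.domain.com',
        -path    => '/',
    );
    $cookie->bake;    # adds the Set-Cookie header to the response

    # treat the request as a plain GET with no body
    $apr->method_number(M_GET);
    $apr->method('GET');
    $apr->headers_in->unset('Content-length');

    # send the redirect, with the cookie, ourselves
    $apr->headers_out->add('Location' => '/foo');
    $apr->status(REDIRECT);
    $apr->send_http_header;
    return OK;

HTH,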
ky
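
Added example, not part of either message and not the Eagle book's own code: the access handler from the question rewritten so the return-address cookie and the redirect leave in one response, using literal header names and err_headers_out (mod_perl 1.x API). The SERVER_ERROR fallback for a missing TicketLogin setting is an assumption added here; the Apache::TicketTool methods are the ones shown in the question.

```perl
package Apache::TicketAccess;
# Added example: set the return-address cookie and redirect to the login
# page in a single response, without ever granting access.

use strict;
use Apache::Constants qw(OK REDIRECT SERVER_ERROR);
use Apache::TicketTool ();   # module named in the question (Eagle book, ch. 6)

sub handler {
    my $r = shift;
    my $ticketTool = Apache::TicketTool->new($r);
    my ($result, $msg) = $ticketTool->verify_ticket($r);
    return OK if $result;    # valid ticket: let the request through

    $r->log_reason($msg, $r->filename);

    # Fail closed if the login URI is not configured, instead of sending
    # a redirect with an empty Location (assumption: not in the original).
    my $login_uri = $r->dir_config('TicketLogin');
    unless (defined $login_uri && length $login_uri) {
        $r->log_error('TicketLogin is not set');
        return SERVER_ERROR;
    }

    # header_out/err_headers_out take the literal HTTP header name; keys
    # such as -cookie and -location are CGI.pm conventions and would be
    # stored under those names verbatim. For a non-OK return, Apache 1.3
    # builds the response from err_headers_out and carries Location over
    # from headers_out, so the cookie goes into err_headers_out.
    my $cookie = $ticketTool->make_return_address($r);
    $r->err_headers_out->add('Set-Cookie' => $cookie);
    $r->header_out(Location => $login_uri);

    # Do not return OK from this branch: in an access handler OK means
    # "access granted", which is what let the BACK button skip the login.
    return REDIRECT;
}

1;
```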