Here's another option which may not be exactly what you're looking for, but
it will work: Once you've performed all validation and are ready to
redirect them with the cookie, rather than attempting the redirect with http
headers, just output a simple "processing" page with the redirect url in an
http-equiv meta tag. The cookie will get set on the processing page and
then the browser will request the redirect itself.
Thanks,
Tim Tompkins
----------------------------------------------
Staff Engineer / Programmer
http://www.arttoday.com/
----------------------------------------------
----- Original Message -----
From: "will trillich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 30, 2001 12:31 PM
Subject: forbidden vs. cookie
> i could really use some dumbed-down tips on setting cookies
> during a redirect. boy, this is really getting to me.
>
> using apache 1.3.9 on debian 2.2/potato
>
> in trying to implement the concept of the Apache::Ticket*.pm
> modules from the Apache Modules (eagle) book in chapter 6
> (on pages 304+) i'm running into browser compatibility problems.
> SOME browsers (differs among platforms, too) see the forbidden or
> redirect codes and take action immediately, ignoring any
> set-cookie headers that are also sent.
>
> as a workaround, i was trying to change TicketAccess.pm to
>
> # the munged version trying to accommodate rude browsers:
> package Apache::TicketAccess;
>
> use strict;
> use Apache::Constants qw(OK FORBIDDEN REDIRECT);
> use Apache::TicketTool ();
>
> sub handler {
>     my $r = shift;
>     my $ticketTool = Apache::TicketTool->new($r);
>     my($result, $msg) = $ticketTool->verify_ticket($r);
>     unless ($result) {
>         $r->log_reason($msg, $r->filename);
>         my $cookie = $ticketTool->make_return_address($r);
>
>         #the original code that works for SOME browsers:
>         # $r->err_headers_out->add('Set-Cookie' => $cookie);
>         # return FORBIDDEN;
>
>         my $login_uri = $r->dir_config("TicketLogin");
>
>         # as AccessHandler, this was very much a bad idea:
>         # use CGI '-autoload';
>         # print
>         #     header(-refresh => "1; URL=$login_uri", -cookie => $cookie),
>         #     start_html(-title => 'Redirecting to login', -bgcolor => 'white'),
>         #     h1('Gotta log in, first'),
>         #     p("You're being redirected to ",
>         #         a({-href=>$login_uri},$login_uri),
>         #         " in just a moment."),
>         #     h2("Please stand by..."),
>         #     end_html();
>         # return OK;
>         # it does manage to redirect the browser but there's lots
>         # of duplicated headers and garbage (plus just hitting the
>         # BACK button bypassed the need to log in)
>
>         # this don't work so not, neither:
>         $r->header_out(-cookie=>$cookie);
>         $r->header_out(-location=>$login_uri);
>         return REDIRECT;
>         # neither header is sent.
>
>     }
>     return OK;
> }
>
> 1;
> __END__
>
> i've spent hours flipping back and forth from the index to the
> text, slapping postit notes on every other page, scanning
> Apache::*.pm source code -- and it's still not sinking in... a
> little help would be appreciated!
>
> AAUGH!
>
> --
> [EMAIL PROTECTED]
>
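
The "processing" page approach suggested in the reply, sketched for mod_perl 1.x as an added example; it is not code from either poster or from the book. The package name `My::TicketAccess` and the `processing_page` helper are hypothetical, and the sketch assumes a mod_perl build with stacked handlers and that this access handler is the only access control on the protected location.

```perl
package My::TicketAccess;   # hypothetical name, not from the thread or the book

use strict;
use Apache::Constants qw(OK);
use Apache::TicketTool ();
use Apache::Util ();

sub handler {
    my $r = shift;
    my $ticketTool = Apache::TicketTool->new($r);
    my ($result, $msg) = $ticketTool->verify_ticket($r);
    return OK if $result;

    $r->log_reason($msg, $r->filename);
    my $cookie    = $ticketTool->make_return_address($r);
    my $login_uri = $r->dir_config('TicketLogin');

    # Replace the content handler in the fixup phase (it runs after MIME
    # type checking) so this request serves the processing page and not
    # the protected resource.
    $r->push_handlers(PerlFixupHandler => sub {
        my $r = shift;
        $r->handler('perl-script');
        $r->set_handlers(PerlHandler =>
            [ sub { processing_page(shift, "$cookie", $login_uri) } ]);
        return OK;
    });
    return OK;
}

sub processing_page {
    my ($r, $cookie, $login_uri) = @_;
    # Escape the URI before placing it in HTML attributes.
    my $uri = Apache::Util::escape_html($login_uri);

    $r->content_type('text/html');
    $r->header_out('Set-Cookie' => $cookie);   # real header name, not -cookie
    $r->no_cache(1);                            # keep the page out of caches
    $r->send_http_header;
    return OK if $r->header_only;

    $r->print(qq{<html><head><title>Redirecting to login</title>\n},
              qq{<meta http-equiv="refresh" content="0; URL=$uri">\n},
              qq{</head><body><p>Continue to <a href="$uri">$uri</a>.</p>},
              qq{</body></html>\n});
    return OK;
}

1;
```

The cookie travels on an ordinary 200 response, and the browser requests the login URI itself when the refresh fires; the plain link is a fallback for clients that ignore the meta tag.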