Thanks Devin & Thomas. The 3 keys that define a unique cookie really helped understand the behavior. My module is working as expected now.
--Ritu -----Original Message----- From: Devin Teske [mailto:dte...@vicor.com] Sent: Tuesday, November 17, 2009 10:36 AM To: Sinha, Ritu Cc: 'modperl@perl.apache.org' Subject: Re: Overwriting a cookie in request header Oops... forgot ending right-paren to add(). Replace (in all examples): . "; domain=$domain"; with: . "; domain=$domain"); ^_^ -- Devin On Tue, 2009-11-17 at 07:31 -0800, Devin Teske wrote: > Try this: > > use CGI::Util; > my $domain = "mydomain.com"; > # Add cookie to HTTP response > $r->err_headers_out->add("Set-Cookie" => > "cookie_name=cookie_value" > . "; path=/" > . "; expires=" > . &CGI::Util::expires('+60m', 'cookie'); > . "; domain=$domain"; > > This will create a cookie and add it to the HTTP response header, which > will then expire in 60 minutes on the client-side by the browser. > > Now let's say that you want to then kill that cookie (or perhaps change > its value, or perhaps just update it so that it doesn't expire). This is > done by passing back to the client (in a new HTTP response) a cookie > with (a) the same name, (b) the same domain, and (c) the same path. > These three key values (cookie name, path, and domain) are what create a > unique cookie (and hence why you've ended up with two cookies ... it's > not enough to simply pass back a name/value pair). > > Here's an example for later deleting that same cookie (going with the > above example, let's say the cookie's name is "cookie_name"). > > use CGI::Util; > my $domain = "mydomain.com"; > # Tell the browser to delete cookie 'cookie_name' (set previously) > $r->err_headers_out->add("Set-Cookie" => > "cookie_name=" > . "; path=/" > . "; expires=" > . &CGI::Util::expires('now', 'cookie'); > . "; domain=$domain"; > > The expiration value of 'now' is translated by the expires() sub-routine > into a valid cookie expiration date/time-string and facilitates the > expiration of the cookie at the browser-side. > > Again, remember that the cookie_name, path, and domain MUST match that > of the original cookie, else nothing will happen. > > Modifying the value of an existing cookie is very similar... just pass > back a cookie with matching name/path/domain with some new value and > with an expiration sometime in the future... the browser will overwrite > the old cookie with the new (again, because the name/path/domain match). > -- > Devin > > > > > > On Tue, 2009-11-17 at 10:09 -0500, Sinha, Ritu wrote: > > I have an Apache module in which I am trying to overwrite the value of > > a cookie. I have tried different methods of the APR::Table without > > success. > > Here are the approaches that I have tried: > > > > [1] $r->headers_out->set("Set-Cookie", $cookie); > > > > Here, $cookie has the name=value pair with the name of the cookie that > > needs to be overwritten. The outcome is 2 cookies with the same name. > > > > [2] $cookie = $r->headers_in->{Cookie}; > > <search-and-replace the cookie value in $cookie> > > $r->headers_out->{Cookie}=$cookie; > > > > Does not do anything to the existing cookie ... does not even add a new > > cookie. > > > > [3] $cookie = $r->headers_in->{Cookie}; > > @cookies = split(/;/,$cookie); > > $r->headers_out->clear(); > > < add cookies one-by-one replacing the value of the cookie in question > > using $r->headers_out->set("Set-Cookie", $cookie); > > > > > The web application does not work ... seems like clearing the header > > creates problems. > > > > Any pointers would be really helpful. > > > > Thanks, > > Ritu > > > > > > > > -- Cheers, Devin Teske -> CONTACT INFORMATION <- Field Engineer FIS - Vicor Business Unit 626-573-6040 Office 510-735-5650 Mobile devin.te...@metavante.com -> LEGAL DISCLAIMER <- This message contains confidential and proprietary information of the sender, and is intended only for the person(s) to whom it is addressed. Any use, distribution, copying or disclosure by any other person is strictly prohibited. If you have received this message in error, please notify the e-mail sender immediately, and delete the original message without making a copy. -> END TRANSMISSION <-
