On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis <[email protected]> wrote:
> On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: > > > Hello, > > > > I have a content generator that sets a cookie on a domain. I know the > > cookie name and the domain name, they never change. However the cookie > > value and expiration time vary. I would like to add the cookie with > > same name and value, and optionally the same expiration time to a > > second domain. Is there a way to do it just by configuring apache and > > its standard modules? I do not want to _edit_ the Set-Cookie header. I > > want to _add_ a second Set-Cookie header that is identical to the > > first with the exception of the domain. > > > > Here's an example: > > > > The content generator gives the response > > > > Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; > > expires=Mon, 20 Jun 2011 10:00:00 GMT > > > > I want the response > > > > Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; > > expires=Mon, 20 Jun 2011 10:00:00 GMT > > Set-Cookie: cookie_name=cookie_value; domain=.domain.net; expires=Mon, > > 20 Jun 2011 10:00:00 GMT > > > > Can I get this response just by changing the configuration of apache? > > > > "Header edit cookie_name(.*)domain=[^;]+(.*) > > cookie_name$1domain=.domain.net$2" does not help as it only moves the > > cookie from one domain to the other and I want it copied, not moved. > > > That is really how it should be. A second header of the same name isn't > really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: >From RFC 2616, Section 4.2<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5> : Multiple message-header fields with the same field-name *may* be present in > a message if and only if the entire field-value for that header field is > defined as a comma-separated list [i.e., #(values)]. It *must* be possible > to combine the multiple header fields into one "field-name: field-value" > pair, without changing the semantics of the message, by appending each > subsequent field-value to the first, each separated by a comma. The order in > which header fields with the same field-name are received is therefore > significant to the interpretation of the combined field value, and thus a > proxy *must not* change the order of these field values when a message is > forwarded. Furthermore, from RFC 2109, Section 4.2.1<http://www.ietf.org/rfc/rfc2109.txt> : An origin server may include multiple Set-Cookie headers in a response. Note > that an intervening gateway could fold multiple such headers into a single > header. Cheers, -Shawn I realize that some CGI tools > successfully add it in, and browsers do try to handle multiples, but it > isn't supposed to happen. > > Two viable options : > > Print one header with a 302 in order to force the browser to make a > second request that we can get the other cookie into. > > Respond with javascript that sets the cookie for the second domain. > > Joe > -- > Director - Systems Administration > http://www.silverhawk.net/ >
