On Thu, 2011-06-16 at 18:57 +0200, Sorin Manolache wrote: > On Thu, Jun 16, 2011 at 18:41, Joe Lewis <jle...@silverhawk.net> wrote: > > On Thu, 2011-06-16 at 12:32 -0400, Shawn Ligocki wrote: > > > >> On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis <jle...@silverhawk.net> wrote: > >> > >> > On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: > >> > > >> > > > >> > > Can I get this response just by changing the configuration of apache? > >> > > > >> > > "Header edit cookie_name(.*)domain=[^;]+(.*) > >> > > cookie_name$1domain=.domain.net$2" does not help as it only moves the > >> > > cookie from one domain to the other and I want it copied, not moved. > >> > > >> > > >> > That is really how it should be. A second header of the same name isn't > >> > really allowed in the specification. > >> > >> > >> I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: > >> > >> From RFC 2616, Section > >> 4.2<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5> > >> : > >> > >> Multiple message-header fields with the same field-name *may* be present in > >> > a message if and only if the entire field-value for that header field is > >> > defined as a comma-separated list [i.e., #(values)]. It *must* be > >> > possible > >> > to combine the multiple header fields into one "field-name: field-value" > >> > pair, without changing the semantics of the message, by appending each > >> > subsequent field-value to the first, each separated by a comma. The > >> > order in > >> > which header fields with the same field-name are received is therefore > >> > significant to the interpretation of the combined field value, and thus a > >> > proxy *must not* change the order of these field values when a message is > >> > forwarded. > > > > > > Sorin, there is your answer. Set the header to a single value > > containing both cookies. Thanks, Shawn! > > Thanks, I've tried, but it does not work. > > First, Firefox seems to simply ignore the second cookie. I do > "Set-Cookie: a=1,b=2" and I see only a=1 in my cookie collection. > > Second, there's the problem with "expires". Typically its syntax is > "Mon, 15-Aug-2011 10:00:00 GMT", i.e. it contains a comma. So I think > that Set-Cookie does not satisfy the condition "It *must* be possible > to combine the multiple header fields into one "field-name: > field-value" pair, without changing the semantics of the message" > > Sorin
That's the Netscape spec, and a lot of browsers (Firefox by nature is in this category due to it's ancestry) choose to implement that. If the comma doesn't work, you might have to resort to the javascript or the location bounce to get the second header. The problem with the native C approaches to adding a second header is that it uses the apr_table_* functions, which overwrite what is in there when a "new" one is set. Joe -- Director - Systems Administration http://www.silverhawk.net/
