Janine, But when I send the telnet request, with the Cookie: header, I get the same thing as when I use a browser. The target page test2.tcl doesn't include the Set-Cookie header in response.
Is this what you want to happen or not? Here is what I think is happening: The client sends a request with a Cookie header (not Set-Cookie), so OACS knows who the user is. For some reason, this causes OACS to not include a Set-Cookie header for return to the client. I'm still not quite sure what the actual problem is that caused you to look into this, so maybe there is another issue besides this one. But the browser is working exactly like telnet if you include the Cookie header with the telnet request for test2.tcl. Nothing is wrong with the way the browser is working. But I think that OACS should probably be updating the cookie value so that the new expiration time will take effect. What code is deciding when to set the header? If OACS doesn't do this update, then eventually the 1200 seconds will expire and the browser will no longer send that cookie. At that point OACS will issue a new cookie and probably force the user to login again. Is that the behavior you are seeing? tom jackson On Friday 17 February 2006 18:30, Janine Sisk wrote: > I may have started you on the proverbial wild goose chase with this > cookie stuff, so let's start over. > > There are two main differences between a page sent to the browser via > ns_returnredirect vs one sent by ns_respond. ns_returnredirect puts > together a small HTML page and sends it off to the browser with > content type text/html, using the header data that's already in the > conn data structure. ns_respond takes the set of headers passed to > it, replaces the headers in conn with the ones that are passed in, > and then sends the string off to the browser. So the two significant > differences are the handling of the headers, and that > ns_returnredirect sends a properly formed HTML page whereas my use of > ns_respond sends only the word "Redirect". My hunch is that the > former is the problem. > > So could there be something about the way the -headers argument to > ns_respond is handled that is somehow garbling the data? Could Tcl > be doing something to it as it's being passed along? > > janine > > On Feb 17, 2006, at 6:03 PM, Tom Jackson wrote: > > Janine, > > > > Now I'm getting confused. If the browser or the telnet sends the > > cookie it > > just received, the outputheaders on test2.tcl don't include a set- > > cookie > > header. So it isn't in the outputheaders I guess. I just did this: > > > > [EMAIL PROTECTED]:/media/floppy> telnet temp.nybooks.com 80 > > Trying 209.162.194.75... > > Connected to temp.nybooks.com. > > Escape character is '^]'. > > GET /test.tcl HTTP/1.0 > > Host: temp.nybooks.com > > > > HTTP/1.0 302 Found > > Host: temp.nybooks.com > > Set-Cookie: > > ad_session_id=80111104%2c0+%7b663+1140228924 > > +1E0DA0457345E6F9CE3F6D34E60EA76197B8858D%7d; > > Path=/; Max-Age=1200 > > location: http://temp.nybooks.com/test2.tcl > > MIME-Version: 1.0 > > Date: Sat, 18 Feb 2006 01:55:24 GMT > > Server: AOLserver/4.0.10 > > Content-Type: text/plain; charset=iso-8859-1 > > Content-Length: 8 > > Connection: close > > > > RedirectConnection closed by foreign host. > > [EMAIL PROTECTED]:/media/floppy> telnet temp.nybooks.com 80 > > Trying 209.162.194.75... > > Connected to temp.nybooks.com. > > Escape character is '^]'. > > GET /test2.tcl HTTP/1.0 > > Host: temp.nybooks.com > > Cookie: > > ad_session_id=80111104%2c0+%7b663+1140228924 > > +1E0DA0457345E6F9CE3F6D34E60EA76197B8858D%7d; > > > > HTTP/1.0 200 OK > > MIME-Version: 1.0 > > Content-Type: text/html > > Server: AOLserver/4.0 > > > > ns_conn headers - size = 2<br> > > key = Host, value = temp.nybooks.com<br> > > key = Cookie, value = > > ad_session_id=80111104%2c0+%7b663+1140228924 > > +1E0DA0457345E6F9CE3F6D34E60EA76197B8858D%7d;<br> > > <p> > > ad_conn headers - size = 2<br> > > key = Host, value = temp.nybooks.com<br> > > key = Cookie, value = > > ad_session_id=80111104%2c0+%7b663+1140228924 > > +1E0DA0457345E6F9CE3F6D34E60EA76197B8858D%7d;<br> > > <p> > > ns_conn outputheaders - size = 1<br> > > key = Server, value = AOLserver/4.0<br> > > <p> > > ad_conn outputheaders - size = 1<br> > > key = Server, value = AOLserver/4.0<br> > > Connection closed by foreign host. > > > > My browser shows the same behavior as telnet. OACS isn't filling the > > outputheader with the set-cookie if the browser/client has a cookie. > > > > tom jackson > > > > On Friday 17 February 2006 17:35, Janine Sisk wrote: > >> Well no, I'm not sure that it sends the Set-Cookie header on every > >> request. But something about the change I made is causing OACS to > >> act as though the browser has cookies turned off, so I kind of zeroed > >> in on that. If there are other things that could cause that symptom > >> I should look at those too, I just didn't know what they might be. > >> > >> janine > >> > >> On Feb 17, 2006, at 5:24 PM, Tom Jackson wrote: > >>> Janine, > >>> > >>> I would try the second request via telnet, but send the cookie > >>> value you > >>> received on the first request. Are you sure that OACS sends the Set- > >>> Cookie > >>> header on every request? Maybe it doesn't do it since the cookie is > >>> already > >>> there? > >>> > >>> tom jackson > >>> > >>> GET /test.tcl HTTP/1.0 > >>> Host: temp.nybooks.com > >>> Cookie: > >>> ad_session_id=80111002%2c0+%7b542+1140224229 > >>> +57E9A3EA3E33AB40F47F8EA71184A3D012E347ED%7d; > >>> > >>> On Friday 17 February 2006 16:44, Janine Sisk wrote: > >>>> OK, so here we go. test.tcl contains a single line, a call to > >>>> ad_returnredirect, which has been modified to use ns_respond > >>>> instead > >>>> of ns_returnredirect. > >>>> > >>>> GET /test.tcl HTTP/1.0 > >>>> > >>>> HTTP/1.0 302 Found > >>>> Set-Cookie: ad_session_id=80111002%2c0+%7b542+1140224229 > >>>> +57E9A3EA3E33AB40F47F8EA71184A3D012E347ED%7d; Path=/; Max-Age=1200 > >>>> location: http://temp.nybooks.com/test2.tcl > >>>> MIME-Version: 1.0 > >>>> Date: Sat, 18 Feb 2006 00:37:09 GMT > >>>> Server: AOLserver/4.0.10 > >>>> Content-Type: text/plain; charset=iso-8859-1 > >>>> Content-Length: 8 > >>>> Connection: close > >>>> > >>>> RedirectConnection closed by foreign host. > >>>> > >>>> And if I request test2.tcl directly, I get > >>>> > >>>> GET /test2.tcl HTTP/1.0 > >>>> > >>>> HTTP/1.0 200 OK > >>>> MIME-Version: 1.0 > >>>> Content-Type: text/html > >>>> Set-Cookie: ad_session_id=80111202%2c0+%7b453+1140224589 > >>>> +962CB2C08C8F3888B4A1FF91770F02814E70BB45%7d; Path=/; Max-Age=1200 > >>>> Server: AOLserver/4.0 > >>>> > >>>> ns_conn headers - size = 0<br> > >>>> <p> > >>>> ad_conn headers - size = 0<br> > >>>> <p> > >>>> ns_conn outputheaders - size = 2<br> > >>>> key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453 > >>>> +1140224589 > >>>> +962CB2C08C8F3888B4A1FF91770F02814E70BB45%7d; Path=/; Max- > >>>> Age=1200<br> > >>>> key = Server, value = AOLserver/4.0<br> > >>>> <p> > >>>> ad_conn outputheaders - size = 2<br> > >>>> key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453 > >>>> +1140224589 > >>>> +962CB2C08C8F3888B4A1FF91770F02814E70BB45%7d; Path=/; Max- > >>>> Age=1200<br> > >>>> key = Server, value = AOLserver/4.0<br> > >>>> Connection closed by foreign host. > >>>> > >>>> So Set-Cookie is there. > >>>> > >>>> However, if I request test.tcl in the browser, I get redirected to > >>>> test2.tcl which prints out the output of ad/ns_conn headers and ad/ > >>>> ns_conn outputheaders, where there is nary a Set-Cookie in sight. > >>>> Somehow it's getting lost along the way. > >>>> > >>>> I'm perplexed. > >>>> > >>>> janine > >>>> > >>>> On Feb 17, 2006, at 3:45 PM, Tom Jackson wrote: > >>>>> Janine, > >>>>> > >>>>> So the command sequence I use goes like this: > >>>>> > >>>>> $ telnet rmadilo.com 80 > >>>>> Trying 216.211.130.179... > >>>>> Connected to rmadilo.com. > >>>>> Escape character is '^]'. > >>>>> GET /mypage HTTP/1.0 > >>>>> Host: rmadilo.com > >>>>> > >>>>> HTTP/1.0 200 OK > >>>>> Set-Cookie: SessionID = > >>>>> "9A7EDDAAACCD226251DFC34240FA7A320FA7FE5C" ; Max-Age = > >>>>> 911003711 ; Path=/ > >>>>> Set-Cookie2: SessionID = > >>>>> "9A7EDDAAACCD226251DFC34240FA7A320FA7FE5C" ; Max-Age > >>>>> = 911003711 ; Path=/ ; Version = 1 > >>>>> Last-Modified: Mon, 09 May 2005 23:27:28 GMT > >>>>> MIME-Version: 1.0 > >>>>> Date: Sat, 18 Feb 2006 00:24:49 GMT > >>>>> Server: AOLserver/4.0.10 > >>>>> Content-Type: text/html; charset=iso-8859-1 > >>>>> Content-Length: 29 > >>>>> Connection: close > >>>>> > >>>>> <a href="/files/">Files</a> > >>>>> > >>>>> > >>>>> It is only necessary to use the Host: header if you use virtual > >>>>> hosting. > >>>>> > >>>>> tom jackson > >>>>> > >>>>> On Friday 17 February 2006 15:12, Janine Sisk wrote: > >>>>>> If I telnet in and do "GET /" I just get the HTML for the page, > >>>>>> like > >>>>>> you would expect: > >>>>>> > >>>>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" > >>>>>> "http://www.w3.org/TR/html4/loose.dtd";> > >>>>>> <html> > >>>>>> <head> > >>>>>> > >>>>>> and so forth. If I request the page that does the redirect I get > >>>>>> > >>>>>> GET test.tcl > >>>>>> RedirectConnection closed by foreign host. > >>>>>> > >>>>>> However if I request test.tcl in the browser I do get properly > >>>>>> redirected to test2.tcl. I am not very well versed in telnet > >>>>>> commands, so if there's something else I can do to get more info, > >>>>>> please let me know. > >>>>>> > >>>>>> Yes, I have printed out the contents of outputheaders and the > >>>>>> Set- > >>>>>> Cookie is there, but it doesn't make it through the redirect. > >>>>>> > >>>>>> janine > >>>>>> > >>>>>> On Feb 17, 2006, at 2:48 PM, Tom Jackson wrote: > >>>>>>> Janine, > >>>>>>> > >>>>>>> If you telnet into the page, what do you get sent back? > >>>>>>> > >>>>>>> I'm not sure where in here you add the Set-Cookie header? Do you > >>>>>>> know that it > >>>>>>> is in the output headers at the time you grab a copy of the set? > >>>>>>> > >>>>>>> tom jackson > >>>>>>> > >>>>>>> On Friday 17 February 2006 14:10, Janine Sisk wrote: > >>>>>>>> This should be simple, but it's turning out not to be. > >>>>>>>> > >>>>>>>> First I used this code, which I got from a post at openacs.org > >>>>>>>> (and > >>>>>>>> the poster got it from the AOLserver docs for ns_respond): > >>>>>>>> > >>>>>>>> set headers [ns_set new myheaders] > >>>>>>>> ns_set put $headers location $url > >>>>>>>> ns_respond -status $return_code -type text/plain -string > >>>>>>>> Redirect - > >>>>>>>> headers $headers > >>>>>>>> > >>>>>>>> This worked as far as the redirect and status code are > >>>>>>>> concerned, but > >>>>>>>> cookies were no longer functioning. > >>>>>>>> > >>>>>>>> I noticed that ad_set_cookie (an openacs proc) adds a key > >>>>>>>> called > >>>>>>>> Set- > >>>>>>>> Cookie to the "ns_conn outputheaders" set, so I tried this, > >>>>>>>> hoping to > >>>>>>>> capture all possible relevant values: > >>>>>>>> > >>>>>>>> set headers [ad_conn headers] > >>>>>>>> set outputheaders [ad_conn outputheaders] > >>>>>>>> set allheaders [ns_set merge $headers $outputheaders] > >>>>>>>> ns_set idelkey $allheaders location > >>>>>>>> ns_set put $allheaders location $url > >>>>>>>> ns_respond -status $return_code -type text/plain -string > >>>>>>>> Redirect - > >>>>>>>> headers $allheaders > >>>>>>>> > >>>>>>>> No improvement; cookies still don't work. BTW, I tried it > >>>>>>>> with > >>>>>>>> both > >>>>>>>> ns_conn and ad_conn but they both give the exact same > >>>>>>>> output, so > >>>>>>>> same > >>>>>>>> end result. > >>>>>>>> > >>>>>>>> Any suggestions on what I might be doing wrong here? > >>>>>>>> > >>>>>>>> I know that the best way to fix this would be to create an > >>>>>>>> ns_returnmoved function in AOLserver, but I was trying to avoid > >>>>>>>> having any of our clients using a customized version. > >>>>>>>> > >>>>>>>> Thanks for any suggestions, > >>>>>>>> > >>>>>>>> janine > >>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> AOLserver - http://www.aolserver.com/ > >>>>>>>> > >>>>>>>> To Remove yourself from this list, simply send an email to > >>>>>>>> <[EMAIL PROTECTED]> with the body of "SIGNOFF > >>>>>>>> AOLSERVER" > >>>>>>>> in the > >>>>>>>> email message. You can leave the Subject: field of your email > >>>>>>>> blank. > >>>>>>> > >>>>>>> -- > >>>>>>> AOLserver - http://www.aolserver.com/ > >>>>>>> > >>>>>>> To Remove yourself from this list, simply send an email to > >>>>>>> <[EMAIL PROTECTED]> with the > >>>>>>> body of "SIGNOFF AOLSERVER" in the email message. You can leave > >>>>>>> the > >>>>>>> Subject: field of your email blank. > >>>>>> > >>>>>> -- > >>>>>> AOLserver - http://www.aolserver.com/ > >>>>>> > >>>>>> To Remove yourself from this list, simply send an email to > >>>>>> <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" > >>>>>> in the > >>>>>> email message. You can leave the Subject: field of your email > >>>>>> blank. > >>>>> > >>>>> -- > >>>>> AOLserver - http://www.aolserver.com/ > >>>>> > >>>>> To Remove yourself from this list, simply send an email to > >>>>> <[EMAIL PROTECTED]> with the > >>>>> body of "SIGNOFF AOLSERVER" in the email message. You can leave > >>>>> the > >>>>> Subject: field of your email blank. > >>>> > >>>> -- > >>>> AOLserver - http://www.aolserver.com/ > >>>> > >>>> To Remove yourself from this list, simply send an email to > >>>> <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" > >>>> in the > >>>> email message. You can leave the Subject: field of your email > >>>> blank. > >>> > >>> -- > >>> AOLserver - http://www.aolserver.com/ > >>> > >>> To Remove yourself from this list, simply send an email to > >>> <[EMAIL PROTECTED]> with the > >>> body of "SIGNOFF AOLSERVER" in the email message. You can leave the > >>> Subject: field of your email blank. > >> > >> -- > >> AOLserver - http://www.aolserver.com/ > >> > >> To Remove yourself from this list, simply send an email to > >> <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" > >> in the > >> email message. You can leave the Subject: field of your email blank. > > > > -- > > AOLserver - http://www.aolserver.com/ > > > > To Remove yourself from this list, simply send an email to > > <[EMAIL PROTECTED]> with the > > body of "SIGNOFF AOLSERVER" in the email message. You can leave the > > Subject: field of your email blank. > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the > email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
