Hi all,

I've found what seems to be a problem with Cookies in mp2. The gist is
that if you return FORBIDDEN after setting your cookie header, the header
is not sent properly.

When I do:

  $cookie = 'foo=bar';
  $location = 'http://my.domain.com/new/path';
  $r->err_headers_out->{'Set-Cookie'} = $cookie;
  $r->err_headers_out->{'Location'} = $location;
  return Apache::HTTP_MOVED_TEMPORARILY;

Then the cookie is present on the incoming request in $ENV{HTTP_COOKIE},
visible in $r->as_string as 'Cookie: foo=bar', and accessible through
$r->headers_in->{'Cookie'}, all as expected.

But if I do:

  # httpd.conf
  ErrorDocument 403 /new/path

  $cookie = 'foo=bar';
  $r->err_headers_out->{'Set-Cookie'} = $cookie;
  return Apache::FORBIDDEN;

Then in the incoming request $ENV{HTTP_COOKIE} is unset, and the
_incoming_ header is the wrong one, shown by $r->as_string: 'Set-Cookie:
foo=bar' instead of 'Cookie: foo=bar'.


I'm going to work around this by returning a 302, but I think the behavior
is problematic for Auth schemes. I looked for the t/apache/cookie.t test
to monkey with but it's gone in the latest cvs tarball.



- nick

-- 

~~~~~~~~~~~~~~~~~~~~
Nick Tonkin   {|8^)>
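
An added example, not part of the original post or of mod_perl itself: a handler for the ErrorDocument target that reads both the cookies the browser sent and any Set-Cookie still pending from the request that returned 403. It assumes the released mod_perl 2.0 module names (Apache2::*) and a hypothetical package name My::ErrorDoc mapped to /new/path.

```perl
package My::ErrorDoc;   # hypothetical package name, mapped to /new/path

use strict;
use warnings;

# Assumption: released mod_perl 2.0 module names (Apache2::*); the
# Apache::FORBIDDEN style used in the post predates that rename.
use Apache2::RequestRec ();
use Apache2::RequestIO ();
use APR::Table ();
use Apache2::Const -compile => qw(OK);

# Extract name => value pairs from a Cookie or Set-Cookie header value.
sub cookie_pairs {
    my ($header, $is_set_cookie) = @_;
    return () unless defined $header && length $header;
    my @parts = split /\s*;\s*/, $header;
    # In Set-Cookie only the first segment is the cookie itself; the rest
    # are attributes such as path= or expires=.
    $#parts = 0 if $is_set_cookie && @parts;
    return map { /^([^=\s]+)=(.*)$/ ? ($1 => $2) : () } @parts;
}

sub handler {
    my $r = shift;

    # Cookies the browser actually sent (scalar context: first value only).
    my $sent   = $r->headers_in->get('Cookie');
    my %cookie = cookie_pairs($sent, 0);

    # ErrorDocument is an internal redirect, so no browser round trip has
    # happened yet: a cookie set just before the 403 exists only as a
    # pending Set-Cookie on the redirected request. Walk back to find it.
    for (my $p = $r->prev; $p; $p = $p->prev) {
        for my $sc ($p->err_headers_out->get('Set-Cookie')) {
            %cookie = (%cookie, cookie_pairs($sc, 1));   # pending value wins
        }
    }

    # Diagnostic output only: list what this handler can see.
    $r->content_type('text/plain');
    $r->print("$_=$cookie{$_}\n") for sort keys %cookie;
    return Apache2::Const::OK;
}

1;
```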

