Re: adding and editing response headers in conf
On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Hello, I have a content generator that sets a cookie on a domain. I know the cookie name and the domain name, they never change. However the cookie value and expiration time vary. I would like to add the cookie with same name and value, and optionally the same expiration time to a second domain. Is there a way to do it just by configuring apache and its standard modules? I do not want to _edit_ the Set-Cookie header. I want to _add_ a second Set-Cookie header that is identical to the first with the exception of the domain. Here's an example: The content generator gives the response Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT I want the response Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT Set-Cookie: cookie_name=cookie_value; domain=.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: From RFC 2616, Section 4.2http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5 : Multiple message-header fields with the same field-name *may* be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy *must not* change the order of these field values when a message is forwarded. Furthermore, from RFC 2109, Section 4.2.1http://www.ietf.org/rfc/rfc2109.txt : An origin server may include multiple Set-Cookie headers in a response. Note that an intervening gateway could fold multiple such headers into a single header. Cheers, -Shawn I realize that some CGI tools successfully add it in, and browsers do try to handle multiples, but it isn't supposed to happen. Two viable options : Print one header with a 302 in order to force the browser to make a second request that we can get the other cookie into. Respond with javascript that sets the cookie for the second domain. Joe -- Director - Systems Administration http://www.silverhawk.net/
Re: adding and editing response headers in conf
On Thu, 2011-06-16 at 12:32 -0400, Shawn Ligocki wrote: On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: From RFC 2616, Section 4.2http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5 : Multiple message-header fields with the same field-name *may* be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy *must not* change the order of these field values when a message is forwarded. Sorin, there is your answer. Set the header to a single value containing both cookies. Thanks, Shawn! Joe -- Director - Systems Administration http://www.silverhawk.net/
Re: adding and editing response headers in conf
On Thu, Jun 16, 2011 at 18:41, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 12:32 -0400, Shawn Ligocki wrote: On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: From RFC 2616, Section 4.2http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5 : Multiple message-header fields with the same field-name *may* be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy *must not* change the order of these field values when a message is forwarded. Sorin, there is your answer. Set the header to a single value containing both cookies. Thanks, Shawn! Thanks, I've tried, but it does not work. First, Firefox seems to simply ignore the second cookie. I do Set-Cookie: a=1,b=2 and I see only a=1 in my cookie collection. Second, there's the problem with expires. Typically its syntax is Mon, 15-Aug-2011 10:00:00 GMT, i.e. it contains a comma. So I think that Set-Cookie does not satisfy the condition It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message Sorin
Re: adding and editing response headers in conf
On Thu, 2011-06-16 at 18:57 +0200, Sorin Manolache wrote: On Thu, Jun 16, 2011 at 18:41, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 12:32 -0400, Shawn Ligocki wrote: On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: From RFC 2616, Section 4.2http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5 : Multiple message-header fields with the same field-name *may* be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy *must not* change the order of these field values when a message is forwarded. Sorin, there is your answer. Set the header to a single value containing both cookies. Thanks, Shawn! Thanks, I've tried, but it does not work. First, Firefox seems to simply ignore the second cookie. I do Set-Cookie: a=1,b=2 and I see only a=1 in my cookie collection. Second, there's the problem with expires. Typically its syntax is Mon, 15-Aug-2011 10:00:00 GMT, i.e. it contains a comma. So I think that Set-Cookie does not satisfy the condition It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message Sorin That's the Netscape spec, and a lot of browsers (Firefox by nature is in this category due to it's ancestry) choose to implement that. If the comma doesn't work, you might have to resort to the javascript or the location bounce to get the second header. The problem with the native C approaches to adding a second header is that it uses the apr_table_* functions, which overwrite what is in there when a new one is set. Joe -- Director - Systems Administration http://www.silverhawk.net/
Re: adding and editing response headers in conf
On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Hello, I have a content generator that sets a cookie on a domain. I know the cookie name and the domain name, they never change. However the cookie value and expiration time vary. I would like to add the cookie with same name and value, and optionally the same expiration time to a second domain. Is there a way to do it just by configuring apache and its standard modules? I do not want to _edit_ the Set-Cookie header. I want to _add_ a second Set-Cookie header that is identical to the first with the exception of the domain. Here's an example: The content generator gives the response Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT I want the response Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT Set-Cookie: cookie_name=cookie_value; domain=.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I realize that some CGI tools successfully add it in, and browsers do try to handle multiples, but it isn't supposed to happen. Two viable options : Print one header with a 302 in order to force the browser to make a second request that we can get the other cookie into. Respond with javascript that sets the cookie for the second domain. Joe -- Director - Systems Administration http://www.silverhawk.net/
