httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Ligocki <sligo...@google.com>
Subject Re: adding and editing response headers in conf
Date Thu, 16 Jun 2011 16:32:30 GMT
On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis <jlewis@silverhawk.net> wrote:

> On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote:
>
> > Hello,
> >
> > I have a content generator that sets a cookie on a domain. I know the
> > cookie name and the domain name, they never change. However the cookie
> > value and expiration time vary. I would like to add the cookie with
> > same name and value, and optionally the same expiration time to a
> > second domain. Is there a way to do it just by configuring apache and
> > its standard modules? I do not want to _edit_ the Set-Cookie header. I
> > want to _add_ a second Set-Cookie header that is identical to the
> > first with the exception of the domain.
> >
> > Here's an example:
> >
> > The content generator gives the response
> >
> > Set-Cookie: cookie_name=cookie_value; domain=host.domain.net;
> > expires=Mon, 20 Jun 2011 10:00:00 GMT
> >
> > I want the response
> >
> > Set-Cookie: cookie_name=cookie_value; domain=host.domain.net;
> > expires=Mon, 20 Jun 2011 10:00:00 GMT
> > Set-Cookie: cookie_name=cookie_value; domain=.domain.net; expires=Mon,
> > 20 Jun 2011 10:00:00 GMT
> >
> > Can I get this response just by changing the configuration of apache?
> >
> > "Header edit cookie_name(.*)domain=[^;]+(.*)
> > cookie_name$1domain=.domain.net$2" does not help as it only moves the
> > cookie from one domain to the other and I want it copied, not moved.
>
>
> That is really how it should be.  A second header of the same name isn't
> really allowed in the specification.


I believe the HTTP spec does allow multiple Set-Cookie HTTP headers:

>From RFC 2616, Section
4.2<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5>
:

Multiple message-header fields with the same field-name *may* be present in
> a message if and only if the entire field-value for that header field is
> defined as a comma-separated list [i.e., #(values)]. It *must* be possible
> to combine the multiple header fields into one "field-name: field-value"
> pair, without changing the semantics of the message, by appending each
> subsequent field-value to the first, each separated by a comma. The order in
> which header fields with the same field-name are received is therefore
> significant to the interpretation of the combined field value, and thus a
> proxy *must not* change the order of these field values when a message is
> forwarded.


Furthermore, from RFC 2109, Section 4.2.1<http://www.ietf.org/rfc/rfc2109.txt>
:

An origin server may include multiple Set-Cookie headers in a response. Note
> that an intervening gateway could fold multiple such headers into a single
> header.


Cheers,
-Shawn

I realize that some CGI tools
> successfully add it in, and browsers do try to handle multiples, but it
> isn't supposed to happen.
>
> Two viable options :
>
> Print one header with a 302 in order to force the browser to make a
> second request that we can get the other cookie into.
>
> Respond with javascript that sets the cookie for the second domain.
>
> Joe
> --
> Director - Systems Administration
> http://www.silverhawk.net/
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message