httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony DiSante <>
Subject [users@httpd] SSI redirection in standard header
Date Mon, 27 Dec 2004 19:11:20 GMT
I'm looking for a solution that doesn't involve any PHP, but which achieves 
this effect:

if(!$session_cookie_exists && !$user_is_a_search_bot)
   header("Location: http://$HTTP_HOST/cgi-bin/set_session_cookie.cgi");

<?PHP include("$DOCUMENT_ROOT/head.php"); ?>

<!-- page content goes here -->

The result is that the user gets redirected -- transparently and temporarily 
-- to a script that sets a session cookie, and then he gets automatically 
returned to the page he originally requested.  So this is all invisible to 
the user.

But with SSI that doesn't work, because even if /head.shtml contains just 
this one line:

<!--#include virtual("/cgi-bin/set_session_cookie.cgi") -->

...that script can't do a Location:-redirect, because Apache has already 
started sending headers.  The best approximation I've been able to come up 
with so far is this:

<!-- all normal site header stuff goes here -->

<!--#if expr="$HTTP_COOKIE != /sess_id=foo/ && $HTTP_USER_AGENT = 
/Mozilla|etc/" -->

<meta http-equiv="refresh" 

<!--#else -->

<!--#include virtual="/head.shtml" -->

<!-- page content goes here -->

<!--#endif -->

That solution has a couple big problems, though:

1. it's a LOT of stuff to have to put at the top of every file on a website, 
especially compared to just include("$DOCUMENT_ROOT/head.php") in PHP.

2. the browser-list must be hard-coded, so whenever a new web-browser comes 
out, you'd have to edit every single file on the website, so you can add its 
name to the regex /Mozilla|etc/.

3. the HTTP_HOST ( must be hard-coded too, so the same maintenance 
problems exist as in (2).

(Yes, the header in all any_other_pages.shtml can be updated by a simple 
shell/perl script, but even that is a nightmare to worry about when you're 
dealing with multiple servers, possibly ones on which you did the initial 
setup but are now not directly under your control.)

I don't want to use PHP because this is the ONLY thing I'd really need it 
for... and I'd rather not have to install PHP at all on my servers if I 
don't have to (since it's a pain to configure esp. compared to Perl, and 
since it's just one more thing to worry about upgrading/patching against 
exploits).  However, I don't see any good solution to this problem using 
just SSI/CGI.  If a CGI script could cause the server to stop sending its 
current output altogether and start outputting a different page (which is 
what the Location: header does, which can't be done through SSI), that would 
solve the problem, but other than that I'm not sure.  Any ideas?

Anthony DiSante

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message