perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Young <>
Subject Re: APR::* + PerlResponseHandler + Reading Cookie
Date Tue, 14 Mar 2006 20:34:40 GMT
in the future please keep responses on list :)

yperl wrote:
> Geoffrey Young a écrit :
>> I find myself wondering if you're trying to set the cookie in one
>> phase and
>> read it from the PerlResponseHandler _during the same request_?
> Yes. Is that usage not recommended?
> Nothing in the doc is against that.

it wouldn't be in the docs - it's the nature of the HTTP protocol and how
cookies interact with it.

> I'm creating the cookie in a PerlAccessHandler and reading it from
> a PerlResponseHandler, in the same request.

nope, can't do that :)

it works like this...

your access handler will set the Set-Cookie header, which goes to the
client.  when you try to read the cookie in from your PerlResponseHandler
you aren't at the client yet, so there's no cookie to read back in yet - the
client has yet to receive your cookie :)

on the _next_ request the client will sent the Cookie header with its
request and then you'll be able to glean it in your application.

[lots of stuff snipped]

> GET http://coro/gdlweb/resolver
> User-Agent: lwp-request/2.07
> http://coro/gdlweb/resolver?utilisateur=sara&motdepasse=sara&target=accueil
> --> 200 OK
> Connection: close
> Date: Tue, 14 Mar 2006 20:15:47 GMT
> Server: Apache/2.2.0 (Unix) GDLWeb-BnF/0.3 mod_ssl/2.2.0 OpenSSL/0.9.7i
> DAV/2 mod_apreq2-20051231/2.5.7 mod_perl/2.0.3-dev Perl/v5.8.8
> Content-Length: 0
> Content-Type: text/plain
> Client-Date: Tue, 14 Mar 2006 20:15:47 GMT
> Client-Peer:
> Client-Response-Num: 1
> Set-Cookie: foo=1142367347; path=/

yup, there  it is.

> * Apache output:
> [Tue Mar 14 21:10:33 2006] [error] access to /gdlweb/resolver failed for
>, reason: >>> cookie: none
> [Tue Mar 14 21:10:33 2006] [error] access to /gdlweb/resolver failed for
>, reason: >>> JAR: $VAR1 = 'GET /gdlweb/resolver
> HTTP/1.1\nTE: deflate,gzip;q=0.3\nConnection: TE, close\nHost:
> coro\nUser-Agent: lwp-request/2.07\n\nHTTP/1.1 (null)\nSet-Cookie:
> foo=1142367347; path=/\n\n';\n
> We can easily see that the dumped object $r contains the cookie named
> "foo".

no it doesn't.  it has the Set-Cookie header it it, which is different from
the Cookie header the client will send you it has successfully registered a
cookie for your domain.

but really, it sounds like you're trying to reinvent the wheel a bit - take
a look at Apache::AuthCookie on CPAN for cookie-based authentication.  and
while you can find the nuances of cookies lots of places on the web, you
might find this a useful read as well, as there are lots of interesting
things you can do with cookies and authentication in general with mod_perl.



View raw message