Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm
Precedence: bulk
Received-SPF: pass (asf.osuosl.org: local policy)
Message-ID: <441728E0.1090202@modperlcookbook.org>
Date: Tue, 14 Mar 2006 15:34:40 -0500
From: Geoffrey Young <geoff@modperlcookbook.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040927
MIME-Version: 1.0
To: yperl <yperl@club-internet.fr>, modperl@perl.apache.org
Subject: Re: APR::* + PerlResponseHandler + Reading Cookie
References: <mnet1.1142358275.8591.yperl@club-internet.fr>
 <44171C3E.2050109@modperlcookbook.org> <4417264A.8070404@club-internet.fr>
In-Reply-To: <4417264A.8070404@club-internet.fr>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

in the future please keep responses on list :)

yperl wrote:
> Geoffrey Young a �crit :
> 
>>
>> I find myself wondering if you're trying to set the cookie in one
>> phase and
>> read it from the PerlResponseHandler _during the same request_?
>>   
> 
> Yes. Is that usage not recommended?
> Nothing in the doc is against that.

it wouldn't be in the docs - it's the nature of the HTTP protocol and how
cookies interact with it.

> 
> I'm creating the cookie in a PerlAccessHandler and reading it from
> a PerlResponseHandler, in the same request.

nope, can't do that :)

it works like this...

your access handler will set the Set-Cookie header, which goes to the
client.  when you try to read the cookie in from your PerlResponseHandler
you aren't at the client yet, so there's no cookie to read back in yet - the
client has yet to receive your cookie :)

on the _next_ request the client will sent the Cookie header with its
request and then you'll be able to glean it in your application.

[lots of stuff snipped]

> GET http://coro/gdlweb/resolver
> User-Agent: lwp-request/2.07
> 
> GET
> http://coro/gdlweb/resolver?utilisateur=sara&motdepasse=sara&target=accueil
> --> 200 OK
> Connection: close
> Date: Tue, 14 Mar 2006 20:15:47 GMT
> Server: Apache/2.2.0 (Unix) GDLWeb-BnF/0.3 mod_ssl/2.2.0 OpenSSL/0.9.7i
> DAV/2 mod_apreq2-20051231/2.5.7 mod_perl/2.0.3-dev Perl/v5.8.8
> Content-Length: 0
> Content-Type: text/plain
> Client-Date: Tue, 14 Mar 2006 20:15:47 GMT
> Client-Peer: 192.168.1.3:80
> Client-Response-Num: 1
> Set-Cookie: foo=1142367347; path=/

yup, there  it is.

> 
> * Apache output:
> 
> [Tue Mar 14 21:10:33 2006] [error] access to /gdlweb/resolver failed for
> 192.168.1.3, reason: >>> cookie: none
> 
> [Tue Mar 14 21:10:33 2006] [error] access to /gdlweb/resolver failed for
> 192.168.1.3, reason: >>> JAR: $VAR1 = 'GET /gdlweb/resolver
> HTTP/1.1\nTE: deflate,gzip;q=0.3\nConnection: TE, close\nHost:
> coro\nUser-Agent: lwp-request/2.07\n\nHTTP/1.1 (null)\nSet-Cookie:
> foo=1142367347; path=/\n\n';\n
> 
> 
> 
> We can easily see that the dumped object $r contains the cookie named
> "foo".

no it doesn't.  it has the Set-Cookie header it it, which is different from
the Cookie header the client will send you it has successfully registered a
cookie for your domain.

but really, it sounds like you're trying to reinvent the wheel a bit - take
a look at Apache::AuthCookie on CPAN for cookie-based authentication.  and
while you can find the nuances of cookies lots of places on the web, you
might find this a useful read as well, as there are lots of interesting
things you can do with cookies and authentication in general with mod_perl.

  http://www.modperlcookbook.org/chapters/ch13.pdf

HTH

--Geoff