perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Devin Teske <>
Subject Re: Overwriting a cookie in request header
Date Tue, 17 Nov 2009 15:31:57 GMT
Try this:

use CGI::Util;
my $domain = "";
# Add cookie to HTTP response
$r->err_headers_out->add("Set-Cookie" =>
	. "; path=/"
	. "; expires="
	. &CGI::Util::expires('+60m', 'cookie');
	. "; domain=$domain";

This will create a cookie and add it to the HTTP response header, which
will then expire in 60 minutes on the client-side by the browser.

Now let's say that you want to then kill that cookie (or perhaps change
its value, or perhaps just update it so that it doesn't expire). This is
done by passing back to the client (in a new HTTP response) a cookie
with (a) the same name, (b) the same domain, and (c) the same path.
These three key values (cookie name, path, and domain) are what create a
unique cookie (and hence why you've ended up with two cookies ... it's
not enough to simply pass back a name/value pair).

Here's an example for later deleting that same cookie (going with the
above example, let's say the cookie's name is "cookie_name").

use CGI::Util;
my $domain = "";
# Tell the browser to delete cookie 'cookie_name' (set previously)
$r->err_headers_out->add("Set-Cookie" =>
	. "; path=/"
	. "; expires="
	. &CGI::Util::expires('now', 'cookie');
	. "; domain=$domain";

The expiration value of 'now' is translated by the expires() sub-routine
into a valid cookie expiration date/time-string and facilitates the
expiration of the cookie at the browser-side.

Again, remember that the cookie_name, path, and domain MUST match that
of the original cookie, else nothing will happen.

Modifying the value of an existing cookie is very similar... just pass
back a cookie with matching name/path/domain with some new value and
with an expiration sometime in the future... the browser will overwrite
the old cookie with the new (again, because the name/path/domain match).

On Tue, 2009-11-17 at 10:09 -0500, Sinha, Ritu wrote:
> I have an Apache module in which I am trying to overwrite the value of
> a cookie. I have tried different methods of the APR::Table without
> success.
> Here are the approaches that I have tried:
> [1] $r->headers_out->set("Set-Cookie", $cookie);
> Here, $cookie has the name=value pair with the name of the cookie that
> needs to be overwritten. The outcome is 2 cookies with the same name.
> [2] $cookie = $r->headers_in->{Cookie};
> <search-and-replace the cookie value in $cookie>
> $r->headers_out->{Cookie}=$cookie;
> Does not do anything to the existing cookie … does not even add a new
> cookie.
> [3] $cookie = $r->headers_in->{Cookie};
> @cookies = split(/;/,$cookie);
> $r->headers_out->clear();
> < add cookies one-by-one replacing the value of the cookie in question
> using  $r->headers_out->set("Set-Cookie", $cookie); >
> The web application does not work … seems like clearing the header
> creates problems.
> Any pointers would be really helpful.
> Thanks,
> Ritu
Devin Teske

Field Engineer
FIS - Vicor Business Unit
626-573-6040 Office
510-735-5650 Mobile

This message  contains confidential  and proprietary  information
of the sender,  and is intended only for the person(s) to whom it
is addressed. Any use, distribution, copying or disclosure by any
other person  is strictly prohibited.  If you have  received this
message in error,  please notify  the e-mail sender  immediately,
and delete the original message without making a copy.


View raw message