Return-Path: 
 <modules-dev-return-3446-apmail-httpd-modules-dev-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-modules-dev-archive@minotaur.apache.org
Delivered-To: apmail-httpd-modules-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C36136587
	for <apmail-httpd-modules-dev-archive@minotaur.apache.org>;
 Thu, 16 Jun 2011 16:33:18 +0000 (UTC)
Received: (qmail 25697 invoked by uid 500); 16 Jun 2011 16:33:18 -0000
Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org
Received: (qmail 25663 invoked by uid 500); 16 Jun 2011 16:33:18 -0000
Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:modules-dev-help@httpd.apache.org>
List-Unsubscribe: <mailto:modules-dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:modules-dev@httpd.apache.org>
List-Id: <modules-dev.httpd.apache.org>
Reply-To: modules-dev@httpd.apache.org
Delivered-To: mailing list modules-dev@httpd.apache.org
Received: (qmail 25655 invoked by uid 99); 16 Jun 2011 16:33:18 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Jun 2011 16:33:18 +0000
X-ASF-Spam-Status: No, hits=-0.1 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of sligocki@google.com
 designates 216.239.44.51 as permitted sender)
Received: from [216.239.44.51] (HELO smtp-out.google.com) (216.239.44.51)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Jun 2011 16:33:14 +0000
Received: from hpaq1.eem.corp.google.com (hpaq1.eem.corp.google.com
 [172.25.149.1])
	by smtp-out.google.com with ESMTP id p5GGWqNO003978
	for <modules-dev@httpd.apache.org>; Thu, 16 Jun 2011 09:32:53 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta;
	t=1308241973; bh=iLII8KHNVrFgqu3oIR8cfZZborU=;
	h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject:
	 To:Content-Type;
	b=KNdK4wUxve4Ej9WySBf7Ca32agbKUI+oT8OL92Z5FuSLwmBoP00UAg0baQlYpwp+f
	 FKpholl6bYTJYcChW4RJA==
Received: from wyb28 (wyb28.prod.google.com [10.241.225.92])
	by hpaq1.eem.corp.google.com with ESMTP id p5GGWpN1018261
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT)
	for <modules-dev@httpd.apache.org>; Thu, 16 Jun 2011 09:32:51 -0700
Received: by wyb28 with SMTP id 28so194265wyb.26
        for <modules-dev@httpd.apache.org>;
 Thu, 16 Jun 2011 09:32:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=beta;
        h=domainkey-signature:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:content-type;
        bh=ZWLP6I/dKfHpDssmVc/Vr276b8G7J7g65aPT6ES59gE=;
        b=C6gCOQzU3b2PdFX1Us4ZUMVdfKAHChnqZLSz3oNAp/oxuvZhGw4pBq+vKeAO6ToUxf
         hk5JafDLzhcDolY0Mz7Q==
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=google.com; s=beta;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        b=ydsZqAK0N+R5vxa5xhYN5PjzPzBL4rM8jbeFLinjM4ulFDk9HtTfVhN8fesdAzu7MB
         CbpQf2AHKHLCHbQVsjKw==
Received: by 10.216.190.40 with SMTP id d40mr1117117wen.34.1308241971137; Thu,
 16 Jun 2011 09:32:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.69.7 with HTTP; Thu, 16 Jun 2011 09:32:30 -0700 (PDT)
In-Reply-To: <1308239875.2311.40.camel@cyanide.overstock.com>
References: <BANLkTiknKLKjikExQcDj-a3WS6C-149ngQ@mail.gmail.com>
 <1308239875.2311.40.camel@cyanide.overstock.com>
From: Shawn Ligocki <sligocki@google.com>
Date: Thu, 16 Jun 2011 12:32:30 -0400
Message-ID: <BANLkTinL1_s6-6mSaeciebfFn5w2k9gicA@mail.gmail.com>
Subject: Re: adding and editing response headers in conf
To: modules-dev@httpd.apache.org
Content-Type: multipart/alternative; boundary=001485f27b3af84c4104a5d6d1bb
X-System-Of-Record: true

--001485f27b3af84c4104a5d6d1bb
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis <jlewis@silverhawk.net> wrote:

> On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote:
>
> > Hello,
> >
> > I have a content generator that sets a cookie on a domain. I know the
> > cookie name and the domain name, they never change. However the cookie
> > value and expiration time vary. I would like to add the cookie with
> > same name and value, and optionally the same expiration time to a
> > second domain. Is there a way to do it just by configuring apache and
> > its standard modules? I do not want to _edit_ the Set-Cookie header. I
> > want to _add_ a second Set-Cookie header that is identical to the
> > first with the exception of the domain.
> >
> > Here's an example:
> >
> > The content generator gives the response
> >
> > Set-Cookie: cookie_name=cookie_value; domain=host.domain.net;
> > expires=Mon, 20 Jun 2011 10:00:00 GMT
> >
> > I want the response
> >
> > Set-Cookie: cookie_name=cookie_value; domain=host.domain.net;
> > expires=Mon, 20 Jun 2011 10:00:00 GMT
> > Set-Cookie: cookie_name=cookie_value; domain=.domain.net; expires=Mon,
> > 20 Jun 2011 10:00:00 GMT
> >
> > Can I get this response just by changing the configuration of apache?
> >
> > "Header edit cookie_name(.*)domain=[^;]+(.*)
> > cookie_name$1domain=.domain.net$2" does not help as it only moves the
> > cookie from one domain to the other and I want it copied, not moved.
>
>
> That is really how it should be.  A second header of the same name isn't
> really allowed in the specification.


I believe the HTTP spec does allow multiple Set-Cookie HTTP headers:

>From RFC 2616, Section
4.2<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5>
:

Multiple message-header fields with the same field-name *may* be present in
> a message if and only if the entire field-value for that header field is
> defined as a comma-separated list [i.e., #(values)]. It *must* be possible
> to combine the multiple header fields into one "field-name: field-value"
> pair, without changing the semantics of the message, by appending each
> subsequent field-value to the first, each separated by a comma. The order in
> which header fields with the same field-name are received is therefore
> significant to the interpretation of the combined field value, and thus a
> proxy *must not* change the order of these field values when a message is
> forwarded.


Furthermore, from RFC 2109, Section 4.2.1<http://www.ietf.org/rfc/rfc2109.txt>
:

An origin server may include multiple Set-Cookie headers in a response. Note
> that an intervening gateway could fold multiple such headers into a single
> header.


Cheers,
-Shawn

I realize that some CGI tools
> successfully add it in, and browsers do try to handle multiples, but it
> isn't supposed to happen.
>
> Two viable options :
>
> Print one header with a 302 in order to force the browser to make a
> second request that we can get the other cookie into.
>
> Respond with javascript that sets the cookie for the second domain.
>
> Joe
> --
> Director - Systems Administration
> http://www.silverhawk.net/
>

--001485f27b3af84c4104a5d6d1bb--