HTTP_COOKIE exists under HTTPS, but not under HTTP

HTTP_COOKIE exists under HTTPS, but not under HTTP

am 08.04.2008 02:44:45 von darlingm

I'm probably missing something simple. I am migrating to a new server. The
old server ran Apache 2.0.46 on RHEL 3, and the new server runs Apache 2.2.3
on CentOS 5.1. The packages related to apache that my new server has
installed are: "apr - 1.2.7-11.x86_64", "apr-util - 1.2.7-6.x86_64", "httpd
- 2.2.3-11.el5_1.centos.3.x86_64", "mod_ssl -
1:2.2.3-11.el5_1.centos.3.x86_64", and "php - 5.1.6-15.el5.x86_64".

On the new server, HTTP_COOKIE only exists when using a HTTPS connection.
HTTP_COOKIE does not exist at all when using a HTTP connection. This occurs
regardless of what computer I'm using, or what browser I'm using.

Any ideas on what I'm missing? I'm positive the cookies are created and
exist, I've verified that through the FireFox addon "View Cookies". The
cookies have the Domain ".www.mydomain.com" but do not specify a protocol
(if they even can.) I ran into this with some CGI applications not finding
their cookies, and verified it by running a perl CGI script that prints out
every environment variable.

Everything else is identical from the perl CGI script showing environment
variables, except HTTPS of course has "HTTPS = on", the REMOTE_PORT is of
course different, the SERVER_PORT of course changes from 80 to 443, and all
the SSL_* variables exist.

I've compared my old server's http configuration files to my new server's,
and can't see anything I've missed, but obviously I'm missing something
somewhere.
--
View this message in context: http://www.nabble.com/HTTP_COOKIE-exists-under-HTTPS%2C-but- not-under-HTTP-tp16544373p16544373.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: HTTP_COOKIE exists under HTTPS, but not under HTTP

am 08.04.2008 08:21:41 von Krist van Besien

On Tue, Apr 8, 2008 at 2:44 AM, darlingm wrote:
>
> I'm probably missing something simple. I am migrating to a new server. The
> old server ran Apache 2.0.46 on RHEL 3, and the new server runs Apache 2.2.3
> on CentOS 5.1. The packages related to apache that my new server has
> installed are: "apr - 1.2.7-11.x86_64", "apr-util - 1.2.7-6.x86_64", "httpd
> - 2.2.3-11.el5_1.centos.3.x86_64", "mod_ssl -
> 1:2.2.3-11.el5_1.centos.3.x86_64", and "php - 5.1.6-15.el5.x86_64".
>
> On the new server, HTTP_COOKIE only exists when using a HTTPS connection.
> HTTP_COOKIE does not exist at all when using a HTTP connection. This occurs
> regardless of what computer I'm using, or what browser I'm using.
>
> Any ideas on what I'm missing? I'm positive the cookies are created and
> exist, I've verified that through the FireFox addon "View Cookies". The
> cookies have the Domain ".www.mydomain.com" but do not specify a protocol
> (if they even can.) I ran into this with some CGI applications not finding
> their cookies, and verified it by running a perl CGI script that prints out
> every environment variable.
>
> Everything else is identical from the perl CGI script showing environment
> variables, except HTTPS of course has "HTTPS = on", the REMOTE_PORT is of
> course different, the SERVER_PORT of course changes from 80 to 443, and all
> the SSL_* variables exist.
>
> I've compared my old server's http configuration files to my new server's,
> and can't see anything I've missed, but obviously I'm missing something
> somewhere.

Have you verified (using a tool like firebug, which I highly
recommmend) that a COOKIE is sent to the browser the first time it
connects with the https hosts?

Krist


--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org