How To Set Cookies on Localhost Using RewriteRule Directive

How To Set Cookies on Localhost Using RewriteRule Directive

am 26.03.2010 19:32:04 von Alan Brown

--=======AVGMAIL-7A4F0AE6=======
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit

Hi, I new to this mailing list and would like to ask for advice re the above
problem. I am currently teaching myself web design and development, and
currently working through various configurations of the Apache web server.
(I am also working at the moment through the book on mod_rewrite by Rich
Bowen).



I am running the Apache Friends XAMPP Package v1.7.2 on XP Pro SP3, which
has Apache v2.2.12.



The problem is that with a directive like :-



RewriteRule /dir1/test\.html - [CO=testcookie:val123:localhost:1440, L]



the cookie is not being accepted by the browser, though Apache is actually
sending it. I am testing with Firefox v3.6.2, and I can see that the correct
SetCookie header is sent in the HTTP response using the Live HTTP Headers
Firefox plug-in. But when I check in Firefox there is no cookie there.



I know that the immediate conclusion here is that this is not an Apache
issue, because it is sending the cookie as requested in the RewriteRule
directive. However I wonder if there may be some workaround to overcome this
problem. I have done some investigation, and found that when using the PHP
'setcookie' function, instead of using Apache to set the cookie, the
following will work :-



setcookie('testcookie', val123, time()+60*60*24, '/dir1/');



But when I add in the domain parameter :-



setcookie('testcookie', val123, time()+60*60*24, '/dir1/', 'localhost');



then the cookie is not set in the browser.



If instead of 'localhost' as the domain I use an empty string, or if I use
' ', ie. a single blank space, then the cookie IS set.



Because of that I have sought some workaround in Apache. Initially I thought
I could somehow get Apache to accept the empty string or ' ' (single space)
as the domain field in the CO flag of the RewriteRule directive. But, on
trying :-



RewriteRule /dir1/test\.html - [CO=testcookie: :localhost:1440, L]



Apache throws up a syntax error in http.conf.



And on trying :-



RewriteRule /dir1/test\.html - [CO=testcookie::localhost:1440, L]



Apache gets confused and assigns the domain to the value '1440'.



I tried a couple of other tricks :-



(1) Use a dummy empty string as a regex back-reference :-

RewriteRule /dir1/te()st\.html - [CO=testcookie:$1:localhost:1440, L]



(2) Use a dummy environment variable reference :-

SetEnvIf Request_URI . TESTVAR=

RewriteRule /dir1/test\.html - [CO=testcookie:
%{ENV:TESTVAR}:localhost:1440, L]



But neither of these are helpful, though (2) looked like it may have worked
if it had been possible to set TESTVAR to be a string consisting of a single
blank space - however I can not see any way to do that.



I suspect the behaviour of the browser in rejecting this localhost cookie
may be by design (see RFC 2965 section 3.3.2), and that all browsers will
treat it in much the same way as Firefox.



Because I can find a workaround in PHP though, I am wondering whether there
is any possible workaround for the Apache RewriteRule directive. I think
this could be helpful to a lot of people who are testing applications and
learning Apache and web development on a local machine, as they will
encounter the same problem.



Any help/advice is much appreciated.





--=======AVGMAIL-7A4F0AE6=======
Content-Type: multipart/alternative;
boundary="=======AVGMAIL-68FC4C86======="

--=======AVGMAIL-68FC4C86=======
Content-Type: text/plain; x-avg=cert; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Description: "AVG certification"


No virus found in this outgoing message.
Checked by AVG - www.avg.com
Version: 8.5.437 / Virus Database: 271.1.1/2771 - Release Date: 03/26/10 07:=
33:00

--=======AVGMAIL-68FC4C86=======--

--=======AVGMAIL-7A4F0AE6=======
Content-Type: text/plain; charset=us-ascii


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
--=======AVGMAIL-7A4F0AE6=======--

Re: How To Set Cookies on Localhost Using RewriteRule Directive

am 27.03.2010 14:52:50 von Alan Brown

--=======AVGMAIL-34653D7D=======
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit

As usual something occurred to me last night whilst I was not even thinking
about this problem - what is often a problem with including a space in a
command parameter string of some kind? Yes, of course - put double quotes
around it !!


So the following is a valid workaround :-

RewriteRule /dir1/test\.html - "[CO=testcookie:testvalue: :1440, L]"


(I have written out the Rewrite Rule CO flags incorrectly in my original
post - there shouldn't be the 'localhost' there - that is the field I am
trying to set to ' '. Also its missing the value field which is the second
CO parameter).


Without these quotes on running syntax checker 'httpd -t' you get 'Bad flag
delimiters' error.


Likewise if you have a spaces in your regex pattern, ie the incoming URL,
then you need to put double quotes around that field also, eg.


RewriteRule "/dir1/test data file\.html" - "[CO=testcookie:testvalue: :1440,
L]"


It might be helpful if in the Apache documentation it mentioned this need
for double quotes where spaces are used in parameter strings such as this.





----- Original Message -----
From: "Alan Brown"
To:
Sent: Friday, March 26, 2010 6:32 PM
Subject: [users@httpd] How To Set Cookies on Localhost Using RewriteRule
Directive


> Hi, I new to this mailing list and would like to ask for advice re the
> above
> problem. I am currently teaching myself web design and development, and
> currently working through various configurations of the Apache web server.
> (I am also working at the moment through the book on mod_rewrite by Rich
> Bowen).
>
>
>
> I am running the Apache Friends XAMPP Package v1.7.2 on XP Pro SP3, which
> has Apache v2.2.12.
>
>
>
> The problem is that with a directive like :-
>
>
>
> RewriteRule /dir1/test\.html - [CO=testcookie:val123:localhost:1440, L]
>
>
>
> the cookie is not being accepted by the browser, though Apache is actually
> sending it. I am testing with Firefox v3.6.2, and I can see that the
> correct
> SetCookie header is sent in the HTTP response using the Live HTTP Headers
> Firefox plug-in. But when I check in Firefox there is no cookie there.
>
>
>
> I know that the immediate conclusion here is that this is not an Apache
> issue, because it is sending the cookie as requested in the RewriteRule
> directive. However I wonder if there may be some workaround to overcome
> this
> problem. I have done some investigation, and found that when using the PHP
> 'setcookie' function, instead of using Apache to set the cookie, the
> following will work :-
>
>
>
> setcookie('testcookie', val123, time()+60*60*24, '/dir1/');
>
>
>
> But when I add in the domain parameter :-
>
>
>
> setcookie('testcookie', val123, time()+60*60*24, '/dir1/', 'localhost');
>
>
>
> then the cookie is not set in the browser.
>
>
>
> If instead of 'localhost' as the domain I use an empty string, or if I use
> ' ', ie. a single blank space, then the cookie IS set.
>
>
>
> Because of that I have sought some workaround in Apache. Initially I
> thought
> I could somehow get Apache to accept the empty string or ' ' (single
> space)
> as the domain field in the CO flag of the RewriteRule directive. But, on
> trying :-
>
>
>
> RewriteRule /dir1/test\.html - [CO=testcookie: :localhost:1440, L]
>
>
>
> Apache throws up a syntax error in http.conf.
>
>
>
> And on trying :-
>
>
>
> RewriteRule /dir1/test\.html - [CO=testcookie::localhost:1440, L]
>
>
>
> Apache gets confused and assigns the domain to the value '1440'.
>
>
>
> I tried a couple of other tricks :-
>
>
>
> (1) Use a dummy empty string as a regex back-reference :-
>
> RewriteRule /dir1/te()st\.html - [CO=testcookie:$1:localhost:1440, L]
>
>
>
> (2) Use a dummy environment variable reference :-
>
> SetEnvIf Request_URI . TESTVAR=
>
> RewriteRule /dir1/test\.html - [CO=testcookie:
> %{ENV:TESTVAR}:localhost:1440, L]
>
>
>
> But neither of these are helpful, though (2) looked like it may have
> worked
> if it had been possible to set TESTVAR to be a string consisting of a
> single
> blank space - however I can not see any way to do that.
>
>
>
> I suspect the behaviour of the browser in rejecting this localhost cookie
> may be by design (see RFC 2965 section 3.3.2), and that all browsers will
> treat it in much the same way as Firefox.
>
>
>
> Because I can find a workaround in PHP though, I am wondering whether
> there
> is any possible workaround for the Apache RewriteRule directive. I think
> this could be helpful to a lot of people who are testing applications and
> learning Apache and web development on a local machine, as they will
> encounter the same problem.
>
>
>
> Any help/advice is much appreciated.
>
>
>
>
>


------------------------------------------------------------ --------------------


>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


------------------------------------------------------------ --------------------



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.437 / Virus Database: 271.1.1/2771 - Release Date: 03/26/10
07:33:00

--=======AVGMAIL-34653D7D=======
Content-Type: multipart/alternative;
boundary="=======AVGMAIL-5CFA6449======="

--=======AVGMAIL-5CFA6449=======
Content-Type: text/plain; x-avg=cert; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Description: "AVG certification"


No virus found in this outgoing message.
Checked by AVG - www.avg.com
Version: 8.5.437 / Virus Database: 271.1.1/2773 - Release Date: 03/27/10 07:=
32:00

--=======AVGMAIL-5CFA6449=======--

--=======AVGMAIL-34653D7D=======
Content-Type: text/plain; charset=us-ascii


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
--=======AVGMAIL-34653D7D=======--