Overwriting a cookie in request header

--_000_FB816ACEE14B604180685C57F6A64DE6165B020CGSCMAMP27EXfi rm_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I have an Apache module in which I am trying to overwrite the value of a co=
okie. I have tried different methods of the APR::Table without success.
Here are the approaches that I have tried:

[1] $r->headers_out->set("Set-Cookie", $cookie);

Here, $cookie has the name=3Dvalue pair with the name of the cookie that ne=
eds to be overwritten. The outcome is 2 cookies with the same name.

[2] $cookie =3D $r->headers_in->{Cookie};

$r->headers_out->{Cookie}=3D$cookie;

Does not do anything to the existing cookie ... does not even add a new coo=
kie.

[3] $cookie =3D $r->headers_in->{Cookie};
@cookies =3D split(/;/,$cookie);
$r->headers_out->clear();
< add cookies one-by-one replacing the value of the cookie in question usin=
g $r->headers_out->set("Set-Cookie", $cookie); >

The web application does not work ... seems like clearing the header create=
s problems.

Any pointers would be really helpful.

Thanks,
Ritu





--_000_FB816ACEE14B604180685C57F6A64DE6165B020CGSCMAMP27EXfi rm_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



>

Re: Overwriting a cookie in request header

Try this:

use CGI::Util;
my $domain =3D "mydomain.com";
# Add cookie to HTTP response
$r->err_headers_out->add("Set-Cookie" =3D>
"cookie_name=3Dcookie_value"
. "; path=3D/"
. "; expires=3D"
. &CGI::Util::expires('+60m', 'cookie');
. "; domain=3D$domain";

This will create a cookie and add it to the HTTP response header, which
will then expire in 60 minutes on the client-side by the browser.

Now let's say that you want to then kill that cookie (or perhaps change
its value, or perhaps just update it so that it doesn't expire). This is
done by passing back to the client (in a new HTTP response) a cookie
with (a) the same name, (b) the same domain, and (c) the same path.
These three key values (cookie name, path, and domain) are what create a
unique cookie (and hence why you've ended up with two cookies ... it's
not enough to simply pass back a name/value pair).

Here's an example for later deleting that same cookie (going with the
above example, let's say the cookie's name is "cookie_name").

use CGI::Util;
my $domain =3D "mydomain.com";
# Tell the browser to delete cookie 'cookie_name' (set previously)
$r->err_headers_out->add("Set-Cookie" =3D>
"cookie_name=3D"
. "; path=3D/"
. "; expires=3D"
. &CGI::Util::expires('now', 'cookie');
. "; domain=3D$domain";

The expiration value of 'now' is translated by the expires() sub-routine
into a valid cookie expiration date/time-string and facilitates the
expiration of the cookie at the browser-side.

Again, remember that the cookie_name, path, and domain MUST match that
of the original cookie, else nothing will happen.

Modifying the value of an existing cookie is very similar... just pass
back a cookie with matching name/path/domain with some new value and
with an expiration sometime in the future... the browser will overwrite
the old cookie with the new (again, because the name/path/domain match).
--
Devin





On Tue, 2009-11-17 at 10:09 -0500, Sinha, Ritu wrote:
> I have an Apache module in which I am trying to overwrite the value of
> a cookie. I have tried different methods of the APR::Table without
> success.
> Here are the approaches that I have tried:
> =20
> [1] $r->headers_out->set("Set-Cookie", $cookie);
> =20
> Here, $cookie has the name=3Dvalue pair with the name of the cookie that
> needs to be overwritten. The outcome is 2 cookies with the same name.
> =20
> [2] $cookie =3D $r->headers_in->{Cookie};
>
> $r->headers_out->{Cookie}=3D$cookie;
> =20
> Does not do anything to the existing cookie â€=A6 does not even add a=
new
> cookie.
> =20
> [3] $cookie =3D $r->headers_in->{Cookie};
> @cookies =3D split(/;/,$cookie);
> $r->headers_out->clear();
> < add cookies one-by-one replacing the value of the cookie in question
> using $r->headers_out->set("Set-Cookie", $cookie); >
> =20
> The web application does not work â€=A6 seems like clearing the heade=
r
> creates problems.
> =20
> Any pointers would be really helpful.
> =20
> Thanks,
> Ritu
> =20
> =20
> =20
> =20
--=20
Cheers,
Devin Teske

-> CONTACT INFORMATION <-
Field Engineer
FIS - Vicor Business Unit
626-573-6040 Office
510-735-5650 Mobile
devin.teske@metavante.com

-> LEGAL DISCLAIMER <-
This message contains confidential and proprietary information
of the sender, and is intended only for the person(s) to whom it
is addressed. Any use, distribution, copying or disclosure by any
other person is strictly prohibited. If you have received this
message in error, please notify the e-mail sender immediately,
and delete the original message without making a copy.

-> END TRANSMISSION <-

Re: Overwriting a cookie in request header

Oops... forgot ending right-paren to add().

Replace (in all examples):

. "; domain=3D$domain";

with:
. "; domain=3D$domain");

^_^
--
Devin


On Tue, 2009-11-17 at 07:31 -0800, Devin Teske wrote:
> Try this:
>=20
> use CGI::Util;
> my $domain =3D "mydomain.com";
> # Add cookie to HTTP response
> $r->err_headers_out->add("Set-Cookie" =3D>
> "cookie_name=3Dcookie_value"
> . "; path=3D/"
> . "; expires=3D"
> . &CGI::Util::expires('+60m', 'cookie');
> . "; domain=3D$domain";
>=20
> This will create a cookie and add it to the HTTP response header, which
> will then expire in 60 minutes on the client-side by the browser.
>=20
> Now let's say that you want to then kill that cookie (or perhaps change
> its value, or perhaps just update it so that it doesn't expire). This is
> done by passing back to the client (in a new HTTP response) a cookie
> with (a) the same name, (b) the same domain, and (c) the same path.
> These three key values (cookie name, path, and domain) are what create a
> unique cookie (and hence why you've ended up with two cookies ... it's
> not enough to simply pass back a name/value pair).
>=20
> Here's an example for later deleting that same cookie (going with the
> above example, let's say the cookie's name is "cookie_name").
>=20
> use CGI::Util;
> my $domain =3D "mydomain.com";
> # Tell the browser to delete cookie 'cookie_name' (set previously)
> $r->err_headers_out->add("Set-Cookie" =3D>
> "cookie_name=3D"
> . "; path=3D/"
> . "; expires=3D"
> . &CGI::Util::expires('now', 'cookie');
> . "; domain=3D$domain";
>=20
> The expiration value of 'now' is translated by the expires() sub-routine
> into a valid cookie expiration date/time-string and facilitates the
> expiration of the cookie at the browser-side.
>=20
> Again, remember that the cookie_name, path, and domain MUST match that
> of the original cookie, else nothing will happen.
>=20
> Modifying the value of an existing cookie is very similar... just pass
> back a cookie with matching name/path/domain with some new value and
> with an expiration sometime in the future... the browser will overwrite
> the old cookie with the new (again, because the name/path/domain match).
> --
> Devin
>=20
>=20
>=20
>=20
>=20
> On Tue, 2009-11-17 at 10:09 -0500, Sinha, Ritu wrote:
> > I have an Apache module in which I am trying to overwrite the value of
> > a cookie. I have tried different methods of the APR::Table without
> > success.
> > Here are the approaches that I have tried:
> > =20
> > [1] $r->headers_out->set("Set-Cookie", $cookie);
> > =20
> > Here, $cookie has the name=3Dvalue pair with the name of the cookie tha=
t
> > needs to be overwritten. The outcome is 2 cookies with the same name.
> > =20
> > [2] $cookie =3D $r->headers_in->{Cookie};
> >
> > $r->headers_out->{Cookie}=3D$cookie;
> > =20
> > Does not do anything to the existing cookie â€=A6 does not even add=
a new
> > cookie.
> > =20
> > [3] $cookie =3D $r->headers_in->{Cookie};
> > @cookies =3D split(/;/,$cookie);
> > $r->headers_out->clear();
> > < add cookies one-by-one replacing the value of the cookie in question
> > using $r->headers_out->set("Set-Cookie", $cookie); >
> > =20
> > The web application does not work â€=A6 seems like clearing the hea=
der
> > creates problems.
> > =20
> > Any pointers would be really helpful.
> > =20
> > Thanks,
> > Ritu
> > =20
> > =20
> > =20
> > =20
--=20
Cheers,
Devin Teske

-> CONTACT INFORMATION <-
Field Engineer
FIS - Vicor Business Unit
626-573-6040 Office
510-735-5650 Mobile
devin.teske@metavante.com

-> LEGAL DISCLAIMER <-
This message contains confidential and proprietary information
of the sender, and is intended only for the person(s) to whom it
is addressed. Any use, distribution, copying or disclosure by any
other person is strictly prohibited. If you have received this
message in error, please notify the e-mail sender immediately,
and delete the original message without making a copy.

-> END TRANSMISSION <-

RE: Overwriting a cookie in request header

Thanks Devin & Thomas. The 3 keys that define a unique cookie really helped=
understand the behavior. My module is working as expected now.

--Ritu=20

-----Original Message-----
From: Devin Teske [mailto:dteske@vicor.com]=20
Sent: Tuesday, November 17, 2009 10:36 AM
To: Sinha, Ritu
Cc: 'modperl@perl.apache.org'
Subject: Re: Overwriting a cookie in request header

Oops... forgot ending right-paren to add().

Replace (in all examples):

. "; domain=3D$domain";

with:
. "; domain=3D$domain");

^_^
--
Devin


On Tue, 2009-11-17 at 07:31 -0800, Devin Teske wrote:
> Try this:
>=20
> use CGI::Util;
> my $domain =3D "mydomain.com";
> # Add cookie to HTTP response
> $r->err_headers_out->add("Set-Cookie" =3D>
> "cookie_name=3Dcookie_value"
> . "; path=3D/"
> . "; expires=3D"
> . &CGI::Util::expires('+60m', 'cookie');
> . "; domain=3D$domain";
>=20
> This will create a cookie and add it to the HTTP response header, which
> will then expire in 60 minutes on the client-side by the browser.
>=20
> Now let's say that you want to then kill that cookie (or perhaps change
> its value, or perhaps just update it so that it doesn't expire). This is
> done by passing back to the client (in a new HTTP response) a cookie
> with (a) the same name, (b) the same domain, and (c) the same path.
> These three key values (cookie name, path, and domain) are what create a
> unique cookie (and hence why you've ended up with two cookies ... it's
> not enough to simply pass back a name/value pair).
>=20
> Here's an example for later deleting that same cookie (going with the
> above example, let's say the cookie's name is "cookie_name").
>=20
> use CGI::Util;
> my $domain =3D "mydomain.com";
> # Tell the browser to delete cookie 'cookie_name' (set previously)
> $r->err_headers_out->add("Set-Cookie" =3D>
> "cookie_name=3D"
> . "; path=3D/"
> . "; expires=3D"
> . &CGI::Util::expires('now', 'cookie');
> . "; domain=3D$domain";
>=20
> The expiration value of 'now' is translated by the expires() sub-routine
> into a valid cookie expiration date/time-string and facilitates the
> expiration of the cookie at the browser-side.
>=20
> Again, remember that the cookie_name, path, and domain MUST match that
> of the original cookie, else nothing will happen.
>=20
> Modifying the value of an existing cookie is very similar... just pass
> back a cookie with matching name/path/domain with some new value and
> with an expiration sometime in the future... the browser will overwrite
> the old cookie with the new (again, because the name/path/domain match).
> --
> Devin
>=20
>=20
>=20
>=20
>=20
> On Tue, 2009-11-17 at 10:09 -0500, Sinha, Ritu wrote:
> > I have an Apache module in which I am trying to overwrite the value of
> > a cookie. I have tried different methods of the APR::Table without
> > success.
> > Here are the approaches that I have tried:
> > =20
> > [1] $r->headers_out->set("Set-Cookie", $cookie);
> > =20
> > Here, $cookie has the name=3Dvalue pair with the name of the cookie tha=
t
> > needs to be overwritten. The outcome is 2 cookies with the same name.
> > =20
> > [2] $cookie =3D $r->headers_in->{Cookie};
> >
> > $r->headers_out->{Cookie}=3D$cookie;
> > =20
> > Does not do anything to the existing cookie ... does not even add a new
> > cookie.
> > =20
> > [3] $cookie =3D $r->headers_in->{Cookie};
> > @cookies =3D split(/;/,$cookie);
> > $r->headers_out->clear();
> > < add cookies one-by-one replacing the value of the cookie in question
> > using $r->headers_out->set("Set-Cookie", $cookie); >
> > =20
> > The web application does not work ... seems like clearing the header
> > creates problems.
> > =20
> > Any pointers would be really helpful.
> > =20
> > Thanks,
> > Ritu
> > =20
> > =20
> > =20
> > =20
--=20
Cheers,
Devin Teske

-> CONTACT INFORMATION <-
Field Engineer
FIS - Vicor Business Unit
626-573-6040 Office
510-735-5650 Mobile
devin.teske@metavante.com

-> LEGAL DISCLAIMER <-
This message contains confidential and proprietary information
of the sender, and is intended only for the person(s) to whom it
is addressed. Any use, distribution, copying or disclosure by any
other person is strictly prohibited. If you have received this
message in error, please notify the e-mail sender immediately,
and delete the original message without making a copy.

-> END TRANSMISSION <-