Posted to modperl@perl.apache.org by will trillich <wi...@serensoft.com> on 2001/05/02 07:39:30 UTC
glimmer of hope -- cookies: www.host.tld vs host.tld
Aha. I found a chink. I still only have one brick in the wall,
but now it seems like i may have a clue as to why the other
bricks have been sitting there, giggling.
to wit:
Cookies are restricted to certain domains, for security reasons.
(Why have a microsoft.com cookie sent to debian.org, right?)
So all cookies need
domain=box.subnet.intralan.organization.tld
Or at the very least, two segments thereof:
domain=.org.tld
Which would be sent to any of these hosts:
www.org.tld
some.obscure.server.org.tld
even.here.org.tld
BUT NOT TO
ord.tlg
Thank you very four-borking-days-lost-forever much.
So, patient gurus laughing-up-your-sleeves, who've known this
from the beginning and have only been waiting for grasshopper to
come to the epiphany on his own, would you mind sharing with us
lesser folk... HOW to have cookies work for bare-domain hosts
such as
this.org
something.net
my.tld
to operate as aliases for more specific-style sites such as
www.this.org
www.something.net
a.very.deep.and.remote.server.my.tld
? Please?
at least i'm off the russian roulette kick. for now.
--
don't visit this page. it's bad for you. take my expert word for it.
http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html
will@serensoft.com
http://sourceforge.net/projects/newbiedoc -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!
OT: Re: glimmer of hope -- cookies: www.host.tld vs host.tld
Posted by ___cliff rayman___ <cl...@genwax.com>.
u can also use the rewrite engine - for our domain genwax.com:
    RewriteCond %{HTTP_HOST} ^genwax\.com$ [NC]
    RewriteRule ^(.+) http://www.genwax.com$1 [R,L]
notice that it also makes sure to convert any case such as:
GeNwAx.com to www.genwax.com
--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/
darren chamberlain wrote:
> will trillich (will@serensoft.com) said something to this effect on 05/02/2001:
> > Cookies are restricted to certain domains, for security reasons.
> > (Why have a microsoft.com cookie sent to debian.org, right?)
> > So all cookies need
> >
> > domain=box.subnet.intralan.organization.tld
>
> *snip*
>
> A similar thread happened a while ago (see, e.g.,
> http://forum.swarthmore.edu/epigone/modperl/blixnortix/38ECE46E.2FDB261C@vialogix.com);
> Rusty Foster (of kuro5hin.org fame) explained his solution pretty well
> here:
> http://forum.swarthmore.edu/epigone/modperl/blixnortix/38ED1DBD.893F5783@kuro5hin.org
>
> (darren)
>
Re: glimmer of hope -- cookies: www.host.tld vs host.tld
Posted by will trillich <wi...@serensoft.com>.
On Wed, May 02, 2001 at 07:28:05AM -0400, darren chamberlain wrote:
> will trillich (will@serensoft.com) said something to this effect on 05/02/2001:
> > Cookies are restricted to certain domains, for security reasons.
> > (Why have a microsoft.com cookie sent to debian.org, right?)
> > So all cookies need
> >
> > domain=box.subnet.intralan.organization.tld
>
> *snip*
>
> A similar thread happened a while ago (see, e.g.,
> http://forum.swarthmore.edu/epigone/modperl/blixnortix/38ECE46E.2FDB261C@vialogix.com);
> Rusty Foster (of kuro5hin.org fame) explained his solution pretty well
> here:
> http://forum.swarthmore.edu/epigone/modperl/blixnortix/38ED1DBD.893F5783@kuro5hin.org
here's the solution rusty posted:
    # IP of www.kuro5hin.org
    NameVirtualHost 216.181.35.174

    # Redirect all hostless requests to www VHost
    <VirtualHost 216.181.35.174>
        ServerName kuro5hin.org
        Redirect permanent / http://www.kuro5hin.org/
    </VirtualHost>

    # Proper URI for www.kuro5hin.org
    <VirtualHost 216.181.35.174>
        ServerName www.kuro5hin.org
        ...etc...
    </VirtualHost>
how is that different from
UseCanonicalName on
Re: glimmer of hope -- cookies: www.host.tld vs host.tld
Posted by darren chamberlain <dl...@users.sourceforge.net>.
will trillich (will@serensoft.com) said something to this effect on 05/02/2001:
> Cookies are restricted to certain domains, for security reasons.
> (Why have a microsoft.com cookie sent to debian.org, right?)
> So all cookies need
>
> domain=box.subnet.intralan.organization.tld
*snip*
A similar thread happened a while ago (see, e.g.,
http://forum.swarthmore.edu/epigone/modperl/blixnortix/38ECE46E.2FDB261C@vialogix.com);
Rusty Foster (of kuro5hin.org fame) explained his solution pretty well
here:
http://forum.swarthmore.edu/epigone/modperl/blixnortix/38ED1DBD.893F5783@kuro5hin.org
(darren)
--
How is it possible to find meaning in a finite world, given my waist
and shirt size?
-- Woody Allen
Re: glimmer of hope -- cookies: www.host.tld vs host.tld
Posted by ___cliff rayman___ <cl...@genwax.com>.
Rob Bloodgood wrote:
> > Or at the very least, two segments thereof:
> >
> > domain=.org.tld
> >
> --- lots of snippage ---
> you have it right at the top.
> assuming you are operating in org.tld, so www.org.tld and modperl.org.tld
> are valid boxes, then you send the domain string as ".$domain". This one
> cost me about a week, so don't feel too bad!
>
if someone enters our site with domain.tld (no hostname), everything works
fine as long as they keep using relative links. as soon as they select or get
redirected to an absolute link (usually when changing schemes http <=> https),
then the domain of the cookie fails, and the cookie data is lost (as far as the
browser is concerned). this problem is avoidable if u insure that a proper
hostname is used along with a domain.tld. i do this with mod_rewrite. there
are probably many ways to do it, but the effect is the same, insure that the
cookie domain matches through the user's entire session. someone suggested
using the apache directive "canonical hostname". my canonical hostname does not
always match the host and domain.tld of my server. if it does, then this directive
will probably eliminate the "no hostname cookie domain matching problem" (a technical
term ;-) ).
--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/
RE: glimmer of hope -- cookies: www.host.tld vs host.tld
Posted by Rob Bloodgood <ro...@empire2.com>.
> Or at the very least, two segments thereof:
>
> domain=.org.tld
>
> Which would be sent to any of these hosts:
>
> www.org.tld
> some.obscure.server.org.tld
> even.here.org.tld
>
> BUT NOT TO
>
> ord.tlg
>
> Thank you very four-borking-days-lost-forever much.
>
> So, patient gurus laughing-up-your-sleeves, who've known this
> from the beginning and have only been waiting for grasshopper to
> come to the epiphany on his own, would you mind sharing with us
> lesser folk... HOW to have cookies work for bare-domain hosts
> such as
>
> this.org
> something.net
> my.tld
>
> to operate as aliases for more specific-style sites such as
>
> www.this.org
> www.something.net
> a.very.deep.and.remote.server.my.tld
you have it right at the top.
assuming you are operating in org.tld, so www.org.tld and modperl.org.tld
are valid boxes, then you send the domain string as ".$domain". This one
cost me about a week, so don't feel too bad!
Until now, you've been dealing with not even seeing the cookie header (in
the raw req). Once the raw req has the right info, (e.g. the Set-Cookie:
header), then it comes down to verifying the info IN the headers. <sigh>
DON'T EXPECT TO SET A COOKIE FOR MULTIPLE DOMAINS. If you set a cookie for
.this.org, it's not a part of the technology to allow the same cookie to
work w/ .something.net as well. ALTHO: There's nothing stopping you from
setting cookies from perl.this.org for the .something.org domain if you
expect to go back and forth.
HTH, and good luck!
L8r,
Rob
#!/usr/bin/perl -w
use Disclaimer qw/:standard/;
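
Added example, not part of any post in this thread: a small model of how a browser decides which hosts receive a cookie, run over the host names used above. It assumes the domain-matching rules of RFC 6265 (published after this thread); the function names are hypothetical and the single-label check is a simplified stand-in for a browser's public suffix check.

```python
import ipaddress

# Host names taken from the thread.
HOSTS = ["org.tld", "www.org.tld", "some.obscure.server.org.tld", "ord.tlg"]


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """RFC 6265 section 5.1.3: identical, or host ends with '.' + domain."""
    return host == domain or (host.endswith("." + domain) and not _is_ip(host))


def store_cookie(set_by, domain_attr=None):
    """Return (domain, host_only) as the browser stores it, or None if rejected."""
    set_by = set_by.lower().rstrip(".")
    if not domain_attr:
        return (set_by, True)                 # no Domain attribute: exact host only
    domain = domain_attr.lower().lstrip(".")  # a leading dot is ignored
    if "." not in domain:
        return None                           # single label (assumed simplification)
    if not domain_match(set_by, domain):
        return None                           # Domain must cover the host that sets it
    return (domain, False)


def is_sent(cookie, request_host):
    """Would the stored cookie be attached to a request for request_host?"""
    if cookie is None:
        return False
    domain, host_only = cookie
    request_host = request_host.lower().rstrip(".")
    return request_host == domain if host_only else domain_match(request_host, domain)


def recipients(set_by, domain_attr=None):
    """Which of the thread's hosts would receive a cookie set this way."""
    cookie = store_cookie(set_by, domain_attr)
    return [h for h in HOSTS if is_sent(cookie, h)]


if __name__ == "__main__":
    for args in [("org.tld",), ("org.tld", ".org.tld"), ("www.org.tld",),
                 ("www.org.tld", ".something.net")]:
        print(args, "->", recipients(*args))
```

A cookie set without a Domain attribute stays on the one host that set it, which is why redirecting every request to a single host name keeps the session intact. Setting Domain=.org.tld widens delivery to every host under org.tld, so it should be used only when all of those hosts are trusted with the cookie.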