You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Garrett Goebel <ga...@scriptpro.com> on 2003/09/03 16:42:00 UTC

RE: $r->headers_out Location and Set-Cookie

Geoffrey Young wrote:
> > That's when you use Apache::compat, doing the mp1 syntax. 
> > In mp2-speak that would be:
> > 
> >   $r->err_headers_out->add('Set-Cookie' => $packed_cookie);
> >   $r->headers_out->set('Location' => $url);
> >   $r->status(REDIRECT);
> > 
> > notice that you don't need to call $r->send_http_header, it
> > doesn't exist in mp2.
> 
> not to mention it's entirely unnecessary (and undesirable) to 
> send headers on error responses such as redirects.

Why?

Appendix A.7 from the Stas' Practical mod_perl book states:

> You should use err_headers_out( ), not headers_out( ),
> when you want to send cookies in a REDIRECT response or
> in any other non-2XX response

And gives the following recipe:

  Example A-3. redirect_cookie.pl
  use Apache::Constants qw(REDIRECT OK);
  my $r = shift;
  # prepare the cookie in $cookie
  $r->err_headers_out->add('Set-Cookie' => $cookie);
  $r->headers_out->set(Location => $location);
  $r->status(REDIRECT);
  $r->send_http_header;
  return OK;

How would you have written it? 

 
> and you should never set $r->status from a handler - for 
> Registry scripts it's ok, since we use it as a hack to get
> around some things, but handlers should never manipulate the
> value of $r->status.

Why is that?


--
Garrett Goebel
IS Development Specialist

ScriptPro                   Direct: 913.403.5261
5828 Reeds Road               Main: 913.384.1008
Mission, KS 66202              Fax: 913.384.2180
www.scriptpro.com          garrett at scriptpro dot com

Re: $r->headers_out Location and Set-Cookie

Posted by Geoffrey Young <ge...@modperlcookbook.org>.


Garrett Goebel wrote:
> Geoffrey Young wrote:
>  > > That's when you use Apache::compat, doing the mp1 syntax.
>  > > In mp2-speak that would be:
>  > >
>  > >   $r->err_headers_out->add('Set-Cookie' => $packed_cookie);
>  > >   $r->headers_out->set('Location' => $url);
>  > >   $r->status(REDIRECT);
>  > >
>  > > notice that you don't need to call $r->send_http_header, it
>  > > doesn't exist in mp2.
>  >
>  > not to mention it's entirely unnecessary (and undesirable) to
>  > send headers on error responses such as redirects.
> 
> Why?
> 
> Appendix A.7 from the Stas' Practical mod_perl book states:
> 
>  > You should use err_headers_out( ), not headers_out( ),
>  > when you want to send cookies in a REDIRECT response or
>  > in any other non-2XX response

that's correct, but setting the headers is entirely different than sending them.

> 
> And gives the following recipe:
> 
>   Example A-3. redirect_cookie.pl
>   use Apache::Constants qw(REDIRECT OK);
>   my $r = shift;
>   # prepare the cookie in $cookie
>   $r->err_headers_out->add('Set-Cookie' => $cookie);
>   $r->headers_out->set(Location => $location);
>   $r->status(REDIRECT);
>   $r->send_http_header;
>   return OK;
> 
> How would you have written it?

the example is wrong - it should not have send_http_header() in it.

if you execute that script over telnet, you'll see two sets of headers.

apache automatically sends headers on errors - that's how you are able to 
get standard 500 pages, etc.

> 
>  
>  > and you should never set $r->status from a handler - for
>  > Registry scripts it's ok, since we use it as a hack to get
>  > around some things, but handlers should never manipulate the
>  > value of $r->status.
> 
> Why is that?

if r->status is not HTTP_OK (200) then apache thinks that an ErrorDocument 
has _also_ thrown an error, and it thus ends what would otherwise be a 
recursive cycle of errors.  by messing with r->status, you mess up Apache's 
internal bookkeeping wrt the error document cycle.

--Geoff

/me sliently points to recipe 3.13 in the cookbook, too :)



-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html

Re: $r->headers_out Location and Set-Cookie

Posted by Michael <ka...@thismetalsky.org>.

On Fri, Sep 05, 2003 at 10:13:36, Geoffrey Young said...

> actually, the return value is entirely ignored in Registry scripts - that's 
> why we need the $r->status hack, which is not needed (or desired) in 
> handlers.  if you returned SERVER_ERROR it would still work, so long as you 
> set $r->status :)
 
Oh!  I totally missed that you're using Apache::Registry.  I'm not sure the
best way to do it with that, sorry.

-- 
Michael Stella  | Sr. Unix Engineer / Developer | http://www.thismetalsky.org
"All I want out of the Universe is 10 minutes with the source code
and a quick recompile."  - unknown


-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html

Re: $r->headers_out Location and Set-Cookie

Posted by Geoffrey Young <ge...@modperlcookbook.org>.


Michael wrote:
> On Wed, Sep 03, 2003 at 09:42:00, Garrett Goebel said...
> 
> 
>>   And gives the following recipe:
>>   
>>     Example A-3. redirect_cookie.pl
>>     use Apache::Constants qw(REDIRECT OK);
>>     my $r = shift;
>>     # prepare the cookie in $cookie
>>     $r->err_headers_out->add('Set-Cookie' => $cookie);
>>     $r->headers_out->set(Location => $location);
>>     $r->status(REDIRECT);
>>     $r->send_http_header;
>>     return OK;
>>   
>>   How would you have written it?
> http://marc.theaimsgroup.com/?l=apache-modperl&m=106260380606735&w=2

thanks, I meant to put that in myself :)

> 
> Seems to me you'd want to *return* REDIRECT, not set $r->status to REDIRECT.
> Here's what I do in this case:
> 
> 	$r->header_out(Location => $location);
> 	return REDIRECT;
> 
> I don't know if it's 100% correct, but it works quite well for me.

actually, the return value is entirely ignored in Registry scripts - that's 
why we need the $r->status hack, which is not needed (or desired) in 
handlers.  if you returned SERVER_ERROR it would still work, so long as you 
set $r->status :)

however, yes, I prefer your way and return REDIRECT instead of OK - it just 
seems to make things that much closer to handler behavior, as well as being 
a bit more intuitive.

--Geoff



-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html

Re: $r->headers_out Location and Set-Cookie

Posted by Michael <ka...@thismetalsky.org>.

On Wed, Sep 03, 2003 at 09:42:00, Garrett Goebel said...

>    And gives the following recipe:
>    
>      Example A-3. redirect_cookie.pl
>      use Apache::Constants qw(REDIRECT OK);
>      my $r = shift;
>      # prepare the cookie in $cookie
>      $r->err_headers_out->add('Set-Cookie' => $cookie);
>      $r->headers_out->set(Location => $location);
>      $r->status(REDIRECT);
>      $r->send_http_header;
>      return OK;
>    
>    How would you have written it?

Seems to me you'd want to *return* REDIRECT, not set $r->status to REDIRECT.
Here's what I do in this case:

	$r->header_out(Location => $location);
	return REDIRECT;

I don't know if it's 100% correct, but it works quite well for me.

I've also used $r->internal_redirect($location) for some things, but I don't
think that's appropriate here.

-- 
Michael Stella  | Sr. Unix Engineer / Developer | http://www.thismetalsky.org
"To dwell on the destination is to waste the journey"


-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html