You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Alan <al...@ufies.org> on 2002/10/01 20:30:59 UTC
cookies and IE
Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
IE.
I'm setting a cookie and then doing a redirect as follows:
my $c = Apache::Cookie->new( $r,
-name => 'userdata',
-value => $cookie,
-expires => '1d',
-path => '/dealers'
);
$r->content_type('text/html');
$c->bake;
$r->header_out("Refresh"=>"0;url=/dealers$request_uri");
$r->no_cache(1);
$r->send_http_header;
$r->print( print_refresh_page_content() );
(print_refresh_page_content() just returns a string of "authenticated")
After the authenticated message is printed it should refresh back to the
/dealers/ URL, except this time the handler will see there is a cookie
and print out the real data, not a username/pass prompt.
This works *perfectly* in mozilla linux, galeon, mozilla windows, and
ie6 under windows XP. It *doesn't* work on ie 6 under win98, winME, or
ie 5.5 run through crossover office. It displays the authenticated
page, but then refreshes back to the login page. No cookie is set, but
debug when setting the cookie shows the following:
Set-Cookie=userdata=[data]; path=/dealers; expires=1d at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
Refresh=0;url=/dealers/ at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
Pragma=no-cache at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
Cache-control=no-cache at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
Connection=close at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
Content-Type=text/html at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
Expires=Tue, 01 Oct 2002 18:30:31 GMT at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
This is the same that is printed out when a working browser gets cookies
set.
I've played around with the security settings, and even at the lowest
setting, with IE set to prompt for any cookies, it won't even
acknowledge that I'm trying to set a cookie.
Anyone have any ideas/solutions/thoughts?
--
Alan "Arcterex" <al...@ufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
think I preferred the cows. They were better conversation, easier to milk, and
if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
Re: cookies and IE
Posted by Per Einar Ellefsen <pe...@oslo.online.no>.
At 09:02 02.10.2002, Alan wrote:
>On Tue, Oct 01, 2002 at 07:23:39PM -0400, Kee Hinckley wrote:
> > At 11:30 AM -0700 10/1/02, Alan wrote:
> > >Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
> > >IE.
> > >
> > >I'm setting a cookie and then doing a redirect as follows:
> >
> > This must come up once every few months. I'd complain about that
> > fact, but the irony is that just last week I couldn't figure out why
> > a new site I was working on wasn't setting cookies in IE and.... I'd
> > done the same thing I'd read about a dozen times.
> >
> > IE doesn't reliably set cookies on a refresh. I believe the only
> > solution is to rearchitect the site.
>
>Interesting... on the several browsers/OSs I had it tested on it seemed
>to work.
>
>Anyway, if this is such a common question, who do you talk to to get it
>stuck in the perl.apache.org page about cookies? :)
Send some paragraphs detailing this to me (preferably in POD), and it'll be
added to the site.
--
Per Einar Ellefsen
pereinar@oslo.online.no
Re: cookies and IE
Posted by Jean-Michel Hiver <jh...@mkdoc.com>.
> Wouldn't be the first time I've been wrong. I do know that I was
> seeing inconsistent behavior with cookies not being saved in a
> redirect page (mostly IE PC, but not 100% of the time), but I didn't
> spend any time worrying about it because of the previous messages I
> remembered. A quick check of my mailbox shows a discussion back in
> March where someone suggested using Refresh instead of Redirect to
> get around the problem. I recall previous discussions, but I don't
> have any on file.
Actually, I had the same problem with certain versions of IE not setting
cookies when they are used with redirects... I ended up making it so
that the redirect was unnecessary.
After a while I switched to HTTP authentication - In many ways it's even
simpler :-)
Cheers,
--
IT'S TIME FOR A DIFFERENT KIND OF WEB
================================================================
Jean-Michel Hiver - Software Director
jhiver@mkdoc.com
+44 (0)114 255 8097
================================================================
VISIT HTTP://WWW.MKDOC.COM
Re: cookies and IE
Posted by Kee Hinckley <na...@somewhere.com>.
At 9:29 AM +0200 10/2/02, Sven Geisler wrote:
>Hi Alan,
>Hi Kee,
>
>I would say Kee is wrong.
>In our application, the development of which I am involved in, for a
>special case we need to write a cookie and redirect to another page.
Wouldn't be the first time I've been wrong. I do know that I was
seeing inconsistent behavior with cookies not being saved in a
redirect page (mostly IE PC, but not 100% of the time), but I didn't
spend any time worrying about it because of the previous messages I
remembered. A quick check of my mailbox shows a discussion back in
March where someone suggested using Refresh instead of Redirect to
get around the problem. I recall previous discussions, but I don't
have any on file.
The typical case here is that the user goes to page a, you redirect
them to page b for authentication, they submit their password and the
password page then sets a cookie and sends them back to a.
It may be that the problem was a coding one rather than a browser
one. I just tore out the code and instead decided to internally
display page b without doing a a redirect. So your URL is for a, but
the content is the login page (b). On submit page sees a successful
login, sets the cookie, and displays itself. EmpberlObject made this
trivial to do, and it ended up meaning less server roundtrips and
less code.
--
Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
[Silly Problem] Error Logs all over the place
Posted by Rafiq Ismail <ra...@bookings.nl>.
Hi People,
I'm trying to figure out why something is happening and after a failed
very silly idea of forking, backticks, greps and strace, I seek your help!
Background
----------
Using:
moya# /usr/local/sbin/httpd -v
Server version: Apache/1.3.26 (Unix)
Server built: Jul 2 2002 13:08:13
On a server which has declared a global MySQL PerlLogHandler and a global
declaration of:
ErrorLog syslog:local6
Someone else set up the httpd.conf on this server and we have '#includ'ed
a vhost with it's own ErrorLog directed to the bottom of the global
httpd.conf file.
Problem
-------
The <VirtualHost/> is playing up and appears to be showing STDERR output
from other VirtualHosts in it's ErrorLog file. I'm not sure if the global
PerlLogHandler is interfering in anyway, however this seems most bizzar to
me since grepping for that particular ErrorLog file amoungst the other
virtual hosts appears to reveal that it is only decalred with the 'one'
<VirtualHost/> block, whilst all the others seem to fall back to the
global declaration.
S0 -- It seems like a little slip up somewhere, however I don't see how an
ErrorLog declared within 'one' VirtualHost block would become the default
for any other vhost processes? Any ideas on this one?
Cheers,
Rafiq
--
Senior Programmer
Bookings.nl
----------------------------------------------------------
Me::rafiq@dreamthought.com||www.dreamthought.com
Budget hosting on my 10Mbit/backbone::info@dreamthought.com
Re: cookies and IE
Posted by Sven Geisler <sg...@aeccom.com>.
Hi Alan,
Hi Kee,
I would say Kee is wrong.
In our application, the development of which I am involved in, for a
special case we need to write a cookie and redirect to another page.
So we use Apache::Cookie to write the cookie and http redirect. Cookie is
always set. I changed the http redirect to html meta
refresh and it still worked, as I thought it would!
Regards
Sven.
On Wed, 2 Oct 2002, Alan wrote:
> On Tue, Oct 01, 2002 at 07:23:39PM -0400, Kee Hinckley wrote:
> > At 11:30 AM -0700 10/1/02, Alan wrote:
> > >Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
> > >IE.
> > >
> > >I'm setting a cookie and then doing a redirect as follows:
> >
> > This must come up once every few months. I'd complain about that
> > fact, but the irony is that just last week I couldn't figure out why
> > a new site I was working on wasn't setting cookies in IE and.... I'd
> > done the same thing I'd read about a dozen times.
> >
> > IE doesn't reliably set cookies on a refresh. I believe the only
> > solution is to rearchitect the site.
>
> Interesting... on the several browsers/OSs I had it tested on it seemed
> to work.
>
> Anyway, if this is such a common question, who do you talk to to get it
> stuck in the perl.apache.org page about cookies? :)
>
> alan
>
>
--
Sven Geisler e-mail: sgeisler@aeccom.com
Senior Developer tel: (+49 30) 53 62 16 27
Re: cookies and IE
Posted by Alan <al...@ufies.org>.
On Tue, Oct 01, 2002 at 07:23:39PM -0400, Kee Hinckley wrote:
> At 11:30 AM -0700 10/1/02, Alan wrote:
> >Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
> >IE.
> >
> >I'm setting a cookie and then doing a redirect as follows:
>
> This must come up once every few months. I'd complain about that
> fact, but the irony is that just last week I couldn't figure out why
> a new site I was working on wasn't setting cookies in IE and.... I'd
> done the same thing I'd read about a dozen times.
>
> IE doesn't reliably set cookies on a refresh. I believe the only
> solution is to rearchitect the site.
Interesting... on the several browsers/OSs I had it tested on it seemed
to work.
Anyway, if this is such a common question, who do you talk to to get it
stuck in the perl.apache.org page about cookies? :)
alan
--
Alan "Arcterex" <al...@ufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
think I preferred the cows. They were better conversation, easier to milk, and
if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
Re: cookies and IE
Posted by Kee Hinckley <na...@somewhere.com>.
At 11:30 AM -0700 10/1/02, Alan wrote:
>Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
>IE.
>
>I'm setting a cookie and then doing a redirect as follows:
This must come up once every few months. I'd complain about that
fact, but the irony is that just last week I couldn't figure out why
a new site I was working on wasn't setting cookies in IE and.... I'd
done the same thing I'd read about a dozen times.
IE doesn't reliably set cookies on a refresh. I believe the only
solution is to rearchitect the site.
--
Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
Re: cookies and IE
Posted by Alan <al...@ufies.org>.
On Wed, Oct 02, 2002 at 08:30:54PM +0200, Per Einar Ellefsen wrote:
> At 20:12 02.10.2002, Alan wrote:
> >On Wed, Oct 02, 2002 at 01:21:49PM -0400, Geoffrey Young wrote:
> >> so, it's not really a bug if you dig down into the docs and examples.
> >> looks like a feature, though :)
> >
> >Agreed... more of a 'gotcha' though, ready to bite people in the butt.
> >Personally I think it might make more sense to do a check to see if the
> >val =~ /(\d+)(h|m|d|M)/ before it's sent off as a literal, but who
> >knows. I'll email someone about it anyway.
>
> It's because you can put a correctly formatted date string in the -expires
> option, AFAIK. So if using your idea, the "literal" string might be
> misinterpreted. Also, don't forget that you have +1d and -1d as another
> possibility. I think the +/- makes sense. It's just one character :)
Oh, totally agreed, I just figured that it might be a good way to set a
default if there was no + or -, which could eliminate headaches for
people like me :) Also, as there's no chance of a correctly formatted
date string being "\d(h|m|d|etc)", it could be a fair assumption.
My $0.02 anyway! :)
alan
--
Alan "Arcterex" <al...@ufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
think I preferred the cows. They were better conversation, easier to milk, and
if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
Re: cookies and IE
Posted by Per Einar Ellefsen <pe...@oslo.online.no>.
At 20:12 02.10.2002, Alan wrote:
>On Wed, Oct 02, 2002 at 01:21:49PM -0400, Geoffrey Young wrote:
> > so, it's not really a bug if you dig down into the docs and examples.
> > looks like a feature, though :)
>
>Agreed... more of a 'gotcha' though, ready to bite people in the butt.
>Personally I think it might make more sense to do a check to see if the
>val =~ /(\d+)(h|m|d|M)/ before it's sent off as a literal, but who
>knows. I'll email someone about it anyway.
It's because you can put a correctly formatted date string in the -expires
option, AFAIK. So if using your idea, the "literal" string might be
misinterpreted. Also, don't forget that you have +1d and -1d as another
possibility. I think the +/- makes sense. It's just one character :)
--
Per Einar Ellefsen
pereinar@oslo.online.no
Re: passing an object to a handler
Posted by william ross <wi...@spanner.org>.
On Wednesday, October 2, 2002, at 08:37 PM, Per Einar Ellefsen wrote:
> At 21:30 02.10.2002, william ross wrote:
>
>> On Wednesday, October 2, 2002, at 08:18 PM, Per Einar Ellefsen wrote:
>>
>>> At 20:47 02.10.2002, william ross wrote:
>>>> but I can't find anything to tell me how to do it. I feel sure I'm
>>>> missing something really obvious here?
>>>
>>> You can configure objects instead of using static class names. See
>>> the doc:
>>>
>>> http://perl.apache.org/docs/1.0/guide/method_handlers.html
>>
>> sorry: i wasn't very clear, was I? I am using a method handler, but I
>> want to pass an object of another class to it each time it is called.
>> The object needs to be created outside of an individual request, and
>> therefore presumably in a startup file, and then either passed to the
>> handler along with each request, or somehow made available to all the
>> requests, but preferably without setting a class variable, which is
>> what I do at the moment but dislike.
>
> Yes, and that it exactly what the doc I referred to shows you:
> You instantiate an object in your startup file; then you configure
> mod_perl to call your handler with this object as the class, like:
> PerlHandler $My::obj->handler
> $My::Obj must then be an instance of the handler class, but can
> contain any other information too.
> Now, in your handler, you get:
> sub handler ($$) {
> my ($obj, $r) = @_;
>
> and you have your $obj, which you can use freely. ($obj isn't a class
> name, it is an ... object!)
>
> Wasn't that what you wanted?
no, not quite, though i begin to suspect that i wanted the wrong thing,
and what you suggest - which I had read several times but apparently
not taken in - is what I should be looking for.
the trouble is that I want to have many handler objects - they hold
session information, among other reasons - but I want each one to use
the same factory object. I don't want to instantiate a single handler,
as i think your snippet would. so i thought i'd make a new one each
time and pass the factory to each one.
but it looks - from what you say - like I've just got it back to front:
at the moment Class::DBI::Handler expects to be given a
Class::DBI::Factory object, but what I should do is put the handler($$)
method in the factory itself, and construct a new
Class::DBI::Factory::Handler object each time it's called, to hold
whatever per-request information is required.
excuse me thinking out loud: maybe you could warn me if it sounds like
i've found another wrong tree. meanwhile, I'll go try it.
thanks for your help
will
Re: passing an object to a handler
Posted by Per Einar Ellefsen <pe...@oslo.online.no>.
At 21:30 02.10.2002, william ross wrote:
>On Wednesday, October 2, 2002, at 08:18 PM, Per Einar Ellefsen wrote:
>
>>At 20:47 02.10.2002, william ross wrote:
>>>but I can't find anything to tell me how to do it. I feel sure I'm
>>>missing something really obvious here?
>>
>>You can configure objects instead of using static class names. See the doc:
>>
>>http://perl.apache.org/docs/1.0/guide/method_handlers.html
>
>sorry: i wasn't very clear, was I? I am using a method handler, but I want
>to pass an object of another class to it each time it is called. The
>object needs to be created outside of an individual request, and therefore
>presumably in a startup file, and then either passed to the handler along
>with each request, or somehow made available to all the requests, but
>preferably without setting a class variable, which is what I do at the
>moment but dislike.
Yes, and that it exactly what the doc I referred to shows you:
You instantiate an object in your startup file; then you configure mod_perl
to call your handler with this object as the class, like:
PerlHandler $My::obj->handler
$My::Obj must then be an instance of the handler class, but can contain any
other information too.
Now, in your handler, you get:
sub handler ($$) {
my ($obj, $r) = @_;
and you have your $obj, which you can use freely. ($obj isn't a class name,
it is an ... object!)
Wasn't that what you wanted?
--
Per Einar Ellefsen
pereinar@oslo.online.no
Re: passing an object to a handler
Posted by william ross <wi...@spanner.org>.
On Wednesday, October 2, 2002, at 09:48 PM, Dave Rolsky wrote:
> On Wed, 2 Oct 2002, william ross wrote:
>
>> I did have it set up that way at one point. it worked quite nicely as
>> long as I made the singleton in a subclass of the main Factory (which
>> might be shared by several applications with different
>> configurations).
>> i gave up on it in the end because it seemed a bit overheated, but if
>> you approve, i shall reconsider.
>
> I'm not quite following you. Overheated?
sorry. i just meant that it seemed like a lot of engineering - much of
which was a little beyond me, though I've caught up a bit since - for
what seemed like such a simple requirement.
but i've just been doing as you suggested, and it does work rather
nicely. thanks.
>> so, rehearsing: all it should take is a Factory::Subclass->new(config
>> blah) in the startup script and a Factory::Subclass->instance() in the
>> handler? it does sound good if you put it like that.
(dimwit: both calls should be to instance(). oops)
>> incidentally I made the singleton like this (yes, more poop):
>>
>> use base qw (Class::DBI::Factory Class::Singleton);
>> ...
>> sub _new_instance { shift->new(@_) }
>>
>> but it felt rather naughty to subclass the private _new_instance. if
>> anyone knows a better way, I'd be very glad to hear it.
>
> Check out Class::Singleton.
er, that's what I said. guess it must be ok :)
will
Re: passing an object to a handler
Posted by Dave Rolsky <au...@urth.org>.
On Wed, 2 Oct 2002, william ross wrote:
> I did have it set up that way at one point. it worked quite nicely as
> long as I made the singleton in a subclass of the main Factory (which
> might be shared by several applications with different configurations).
> i gave up on it in the end because it seemed a bit overheated, but if
> you approve, i shall reconsider.
I'm not quite following you. Overheated?
> so, rehearsing: all it should take is a Factory::Subclass->new(config
> blah) in the startup script and a Factory::Subclass->instance() in the
> handler? it does sound good if you put it like that.
>
> incidentally I made the singleton like this (yes, more poop):
>
> use base qw (Class::DBI::Factory Class::Singleton);
> ...
> sub _new_instance { shift->new(@_) }
>
> but it felt rather naughty to subclass the private _new_instance. if
> anyone knows a better way, I'd be very glad to hear it.
Check out Class::Singleton.
-dave
/*==================
www.urth.org
we await the New Sun
==================*/
Re: passing an object to a handler
Posted by william ross <wi...@spanner.org>.
On Wednesday, October 2, 2002, at 09:11 PM, Dave Rolsky wrote:
> On Wed, 2 Oct 2002, william ross wrote:
>
>> sorry: i wasn't very clear, was I? I am using a method handler, but I
>> want to pass an object of another class to it each time it is called.
>> The object needs to be created outside of an individual request, and
>> therefore presumably in a startup file, and then either passed to the
>> handler along with each request, or somehow made available to all the
>> requests, but preferably without setting a class variable, which is
>> what I do at the moment but dislike.
>
> You could make the other object a singleton, so you could just do:
>
> my $factory = My::Factory->instance
I did have it set up that way at one point. it worked quite nicely as
long as I made the singleton in a subclass of the main Factory (which
might be shared by several applications with different configurations).
i gave up on it in the end because it seemed a bit overheated, but if
you approve, i shall reconsider.
so, rehearsing: all it should take is a Factory::Subclass->new(config
blah) in the startup script and a Factory::Subclass->instance() in the
handler? it does sound good if you put it like that.
incidentally I made the singleton like this (yes, more poop):
use base qw (Class::DBI::Factory Class::Singleton);
...
sub _new_instance { shift->new(@_) }
but it felt rather naughty to subclass the private _new_instance. if
anyone knows a better way, I'd be very glad to hear it.
(but this is galloping quickly away from the topic, and I'm sure I can
work it out in the end :)
thank you.
will
Re: passing an object to a handler
Posted by Dave Rolsky <au...@urth.org>.
On Wed, 2 Oct 2002, william ross wrote:
> sorry: i wasn't very clear, was I? I am using a method handler, but I
> want to pass an object of another class to it each time it is called.
> The object needs to be created outside of an individual request, and
> therefore presumably in a startup file, and then either passed to the
> handler along with each request, or somehow made available to all the
> requests, but preferably without setting a class variable, which is
> what I do at the moment but dislike.
You could make the other object a singleton, so you could just do:
my $factory = My::Factory->instance
in your handler subroutine and it'd get the already created object.
-dave
/*==================
www.urth.org
we await the New Sun
==================*/
Re: passing an object to a handler
Posted by william ross <wi...@spanner.org>.
On Wednesday, October 2, 2002, at 08:18 PM, Per Einar Ellefsen wrote:
> At 20:47 02.10.2002, william ross wrote:
>> but I can't find anything to tell me how to do it. I feel sure I'm
>> missing something really obvious here?
>
> You can configure objects instead of using static class names. See the
> doc:
>
> http://perl.apache.org/docs/1.0/guide/method_handlers.html
sorry: i wasn't very clear, was I? I am using a method handler, but I
want to pass an object of another class to it each time it is called.
The object needs to be created outside of an individual request, and
therefore presumably in a startup file, and then either passed to the
handler along with each request, or somehow made available to all the
requests, but preferably without setting a class variable, which is
what I do at the moment but dislike.
thanks
will
Re: passing an object to a handler
Posted by Per Einar Ellefsen <pe...@oslo.online.no>.
At 20:47 02.10.2002, william ross wrote:
>hello,
>
>I've been off-list for a while, so please forgive (and direct) me if this
>is a tired subject.
>
>In short, i'd like to pass through another object on method invocation, in
>addition to the apache request. Ideally the (method)handler would look
>something like:
>
>sub handler ($$$) {
> my ($class, $r, $factory) = @_;
> ...
>}
>
>where $factory is an object I made earlier, and is shared among all the
>requests. I'd like to avoid class data because the handler will almost
>always be subclassed, and anyway it makes me nervous. And for the same
>reason I don't want to make the factory a singleton: each single,
>hard-working object of the factory class will have a different configuration.
>
>but I can't find anything to tell me how to do it. I feel sure I'm missing
>something really obvious here?
You can configure objects instead of using static class names. See the doc:
http://perl.apache.org/docs/1.0/guide/method_handlers.html
--
Per Einar Ellefsen
pereinar@oslo.online.no
passing an object to a handler
Posted by william ross <wi...@spanner.org>.
hello,
I've been off-list for a while, so please forgive (and direct) me if
this is a tired subject.
In short, i'd like to pass through another object on method invocation,
in addition to the apache request. Ideally the (method)handler would
look something like:
sub handler ($$$) {
my ($class, $r, $factory) = @_;
...
}
where $factory is an object I made earlier, and is shared among all the
requests. I'd like to avoid class data because the handler will almost
always be subclassed, and anyway it makes me nervous. And for the same
reason I don't want to make the factory a singleton: each single,
hard-working object of the factory class will have a different
configuration.
but I can't find anything to tell me how to do it. I feel sure I'm
missing something really obvious here?
thanks
will
Re: cookies and IE
Posted by Alan <al...@ufies.org>.
On Wed, Oct 02, 2002 at 01:21:49PM -0400, Geoffrey Young wrote:
> so, it's not really a bug if you dig down into the docs and examples.
> looks like a feature, though :)
Agreed... more of a 'gotcha' though, ready to bite people in the butt.
Personally I think it might make more sense to do a check to see if the
val =~ /(\d+)(h|m|d|M)/ before it's sent off as a literal, but who
knows. I'll email someone about it anyway.
alan
--
Alan "Arcterex" <al...@ufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
think I preferred the cows. They were better conversation, easier to milk, and
if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
Re: cookies and IE
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
> But when it's set to "3d" the cookie is set as:
> Set-Cookie=name=value; path=/path; expires=3d
>
> Which makes sense, but it's a very subtle thing IMHO, and to me "1d"
> means "expire in one day", the same as "+1d".
>
> Anything think that this deserves a bug report, or chalk it up to stupid
> user syndrome?
the logic in apache_request.c seems to indicate that you get options
+time, -time, and 'now'. any other formats (such as "1d") get the
literal string in the cookie. untested, though :)
the Apache::Cookie manpage says it's a CGI::Cookie emulation, where
CGI::Cookie says to see CGI.pm for acceptable -expires values, which
doesn't say much except illustrate that + and - and 'now' are
permissible values.
so, it's not really a bug if you dig down into the docs and examples.
looks like a feature, though :)
I can't think of a reason why you'd want a literal in the expires
field, but I don't use cookies all that much, so maybe there are some
cases where it's desirable.
maybe $cookie should be undef, or the cookie should default to
browser-session-only if -expires doesn't follow the standard format?
maybe that's a question for apreq-dev@httpd.apache.org.
--Geoff
Re: cookies and IE
Posted by Alan <al...@ufies.org>.
On Wed, Oct 02, 2002 at 08:15:23AM -0500, Nicholas Studt wrote:
> > Alan wrote [ 01 October 2002 at 03:09 pm ]
> >
> > On Tue, Oct 01, 2002 at 11:30:59AM -0700, Alan wrote:
> >
> > Turns out the issue was the 'expires' tag... IE wouldn't set the cookie
> > until it was set to '+1d'
>
> If setting the expires tag to +1d fixed the problem you may want to look
> at the time on the machine running IE. I ran into a problem where the
> clients clock was in the wrong timezone, this of course changed the
> distance from GMT and caused the cookie to be expired as it was sent. IE
> did not accept the cookie at all. However once the time was set
> correctly the cookie worked correctly.
Nope... one of the versions of IE that I was running was on the same
machine (running through crossover office).
Looks like my little problem really had nothing to do with refreshing
and setting cookies, but it was actually in the way that parsing works in
Apache::Cookie (and CGI/CGI::Cookie). When the expires is set to "+3d"
the cookie is set as follows:
Set-Cookie=name=value; path=/path; expires=Sat, 05-Oct-2002 15:10:06 GMT
But when it's set to "3d" the cookie is set as:
Set-Cookie=name=value; path=/path; expires=3d
Which makes sense, but it's a very subtle thing IMHO, and to me "1d"
means "expire in one day", the same as "+1d".
Anything think that this deserves a bug report, or chalk it up to stupid
user syndrome?
Alan
--
Alan "Arcterex" <al...@ufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
think I preferred the cows. They were better conversation, easier to milk, and
if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
Re: cookies and IE
Posted by Nicholas Studt <ns...@angrydwarf.org>.
> Alan wrote [ 01 October 2002 at 03:09 pm ]
>
> On Tue, Oct 01, 2002 at 11:30:59AM -0700, Alan wrote:
>
> Turns out the issue was the 'expires' tag... IE wouldn't set the cookie
> until it was set to '+1d'
If setting the expires tag to +1d fixed the problem you may want to look
at the time on the machine running IE. I ran into a problem where the
clients clock was in the wrong timezone, this of course changed the
distance from GMT and caused the cookie to be expired as it was sent. IE
did not accept the cookie at all. However once the time was set
correctly the cookie worked correctly.
--
nicholas l studt
nstudt@angrydwarf.org
Re: cookies and IE
Posted by Alan <al...@ufies.org>.
On Tue, Oct 01, 2002 at 11:30:59AM -0700, Alan wrote:
> Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
> IE.
>
> I'm setting a cookie and then doing a redirect as follows:
>
> my $c = Apache::Cookie->new( $r,
> -name => 'userdata',
> -value => $cookie,
> -expires => '1d',
> -path => '/dealers'
> );
>
> $r->content_type('text/html');
> $c->bake;
> $r->header_out("Refresh"=>"0;url=/dealers$request_uri");
> $r->no_cache(1);
> $r->send_http_header;
> $r->print( print_refresh_page_content() );
Turns out the issue was the 'expires' tag... IE wouldn't set the cookie
until it was set to '+1d'
alan
--
Alan "Arcterex" <al...@ufies.org> -=][=- http://arcterex.net
"I used to herd dairy cows. Now I herd lusers. Apart from the isolation, I
think I preferred the cows. They were better conversation, easier to milk, and
if they annoyed me enough, I could shoot them and eat them." -Rodger Donaldson
Re: cookies and IE
Posted by Sven Geisler <sg...@aeccom.com>.
Hi Alan,
I guess your mistake is to send the refresh header as http header.
You should use a meta tag in html or redirect in http.
Sven.
On Tue, 1 Oct 2002, Alan wrote:
> Hi folks... I'm having a bit of a weird problem with Apache::Cookie and
> IE.
>
> I'm setting a cookie and then doing a redirect as follows:
>
> my $c = Apache::Cookie->new( $r,
> -name => 'userdata',
> -value => $cookie,
> -expires => '1d',
> -path => '/dealers'
> );
>
> $r->content_type('text/html');
> $c->bake;
> $r->header_out("Refresh"=>"0;url=/dealers$request_uri");
> $r->no_cache(1);
> $r->send_http_header;
> $r->print( print_refresh_page_content() );
>
> (print_refresh_page_content() just returns a string of "authenticated")
>
> After the authenticated message is printed it should refresh back to the
> /dealers/ URL, except this time the handler will see there is a cookie
> and print out the real data, not a username/pass prompt.
>
> This works *perfectly* in mozilla linux, galeon, mozilla windows, and
> ie6 under windows XP. It *doesn't* work on ie 6 under win98, winME, or
> ie 5.5 run through crossover office. It displays the authenticated
> page, but then refreshes back to the login page. No cookie is set, but
> debug when setting the cookie shows the following:
>
> Set-Cookie=userdata=[data]; path=/dealers; expires=1d at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
> Refresh=0;url=/dealers/ at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
> Pragma=no-cache at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
> Cache-control=no-cache at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
> Connection=close at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
> Content-Type=text/html at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
> Expires=Tue, 01 Oct 2002 18:30:31 GMT at /home/alan/code/rubberoven/mod_perl/Rubberoven/Dealer.pm line 139.
>
> This is the same that is printed out when a working browser gets cookies
> set.
>
> I've played around with the security settings, and even at the lowest
> setting, with IE set to prompt for any cookies, it won't even
> acknowledge that I'm trying to set a cookie.
>
> Anyone have any ideas/solutions/thoughts?
>
>
>
--
Sven Geisler e-mail: sgeisler@aeccom.com
Senior Developer tel: (+49 30) 53 62 16 27