You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Marc Lambrichs <ma...@melange-it.nl> on 2006/12/09 02:18:09 UTC
reset multiple cookies
I'm trying to reset multiple cookies. However, only the last one of the
@cookies array is reset. How come?
foreach ( @domains ){
push @cookies, APR::Request::Cookie->new( $r->pool,
name => 'ticket',
value => '',
path => '/',
( domain => $_ ),
@expires );
}
foreach my $cookie ( @cookies ){
$log->debug( '[logout]: ' . $cookie->as_string );
$r->err_headers_out->add( 'Set-Cookie' => $cookie->as_string );
}
return Apache2::Const::OK;
Cheers,
Marc
Marc Lambrichs
====================================
Melange IT B.V.
Postbus 3581
1001 AJ Amsterdam
http://www.melange-it.com
====================================
Re: reset multiple cookies
Posted by to...@tuxteam.de.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, Dec 09, 2006 at 02:18:09AM +0100, Marc Lambrichs wrote:
> I'm trying to reset multiple cookies. However, only the last one of the
> @cookies array is reset. How come?
>
[...]
> foreach my $cookie ( @cookies ){
> $log->debug( '[logout]: ' . $cookie->as_string );
> $r->err_headers_out->add( 'Set-Cookie' => $cookie->as_string );
> }
Try instead this (DISCLAIMER: untested):
$r->err_headers_out->add('Set-Cookie' => \@cookies);
(i.e. adding the whole cookies list as one array ref). My guess is that
err_headers_out has only one slot and you overwrite things on each call
of add.
HTH
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFe58RBcgs9XrR2kYRArVLAJ9o598MNhyReXXq57zYkFzamFhFaQCggKjX
WrSTAqUD4aW06vujDRlvl1k=
=oj1b
-----END PGP SIGNATURE-----
Re: reset multiple cookies
Posted by Marc Lambrichs <ma...@melange-it.nl>.
Yes, fully intentional. We want to wipe out all cookies of all domains
that have been set during a session.
Marc
Robert Landrum wrote:
> Marc Lambrichs wrote:
>
>> Date: Sun, 10 Dec 2006 12:50:09 GMT
>> Server: Apache
>> Set-Cookie: auth_tkt=; path=/; domain=main.domain.com; expires=Sun,
>> 10-Dec-2006 11:50:09 GMT
>> Set-Cookie: auth_tkt=; path=/; domain=first.domain.com; expires=Sun,
>> 10-Dec-2006 11:50:09 GMT
>> Set-Cookie: auth_tkt=; path=/; domain=second.domain.com; expires=Sun,
>> 10-Dec-2006 11:50:09 GMT
>
>
> I'm no expert, but it looks like you might be setting expired cookies,
> in which case the browser will ignore them.
>
> Was this your intent?
>
> Rob
--
Marc Lambrichs
====================================
Melange IT B.V.
Postbus 3581
1001 AJ Amsterdam
http://www.melange-it.com
====================================
-
Re: reset multiple cookies
Posted by Robert Landrum <rl...@aol.net>.
Marc Lambrichs wrote:
> Date: Sun, 10 Dec 2006 12:50:09 GMT
> Server: Apache
> Set-Cookie: auth_tkt=; path=/; domain=main.domain.com; expires=Sun,
> 10-Dec-2006 11:50:09 GMT
> Set-Cookie: auth_tkt=; path=/; domain=first.domain.com; expires=Sun,
> 10-Dec-2006 11:50:09 GMT
> Set-Cookie: auth_tkt=; path=/; domain=second.domain.com; expires=Sun,
> 10-Dec-2006 11:50:09 GMT
I'm no expert, but it looks like you might be setting expired cookies,
in which case the browser will ignore them.
Was this your intent?
Rob
Re: reset multiple cookies
Posted by Marc Lambrichs <ma...@melange-it.nl>.
Well, there's no problem there. Checking the head looks ok: my tests
show three Set-Cookie statements:
$ curl -I --cookie
"auth_tkt=ZjY4MDk5NWYwOTRlODNmNGJiNDhlNmI0ZmY4M2ZkZjM0NTdjMDA3Y21sQG1lbGFuZ2UtaXQubmwhMTE2NTc1NDQ5Mjo4Mi45Mi45NS4yMDI=;
domain=main.domain.com;" http://main.domain.com/logout
HTTP/1.1 200 OK
Date: Sun, 10 Dec 2006 12:50:09 GMT
Server: Apache
Set-Cookie: auth_tkt=; path=/; domain=main.domain.com; expires=Sun,
10-Dec-2006 11:50:09 GMT
Set-Cookie: auth_tkt=; path=/; domain=first.domain.com; expires=Sun,
10-Dec-2006 11:50:09 GMT
Set-Cookie: auth_tkt=; path=/; domain=second.domain.com; expires=Sun,
10-Dec-2006 11:50:09 GMT
Refresh: 0;URL=http://www.domain.com/login.html
Content-Type: text/plain
Is this a browser related problem??
Philip M. Gollucci wrote:
> John ORourke wrote:
>
>> Very strange then... My best guess is the browser will only accept
>> one cookie with a given name in a given set of headers - check the
>> response headers to see that they're all there, then you know it's
>> the browser. I found the Web Developers Toolbar for Firefox very
>> useful when doing my cookie code - you can view, manually add, clear
>> session cookies, clear domain cookies, view which cookies will be
>> sent to the server, view response headers etc.
>
> Like um ---
>
> curl -I -Hmyheader URI
>
> never trust a browser -- just make you send what you mean to send.
>
>
Re: reset multiple cookies
Posted by John ORourke <jo...@o-rourke.org>.
Philip M. Gollucci wrote:
> John ORourke wrote:
>> the Web Developers Toolbar for Firefox very useful when doing my
>> cookie code - you can view, manually
> curl -I -Hmyheader URI
>
> never trust a browser -- just make you send what you mean to send.
I was using command line requests for debugging just yesterday, how
could I forget! Now let the wget vs curl flame wars commence...
John
Re: reset multiple cookies
Posted by "Philip M. Gollucci" <pg...@p6m7g8.com>.
John ORourke wrote:
> Very strange then... My best guess is the browser will only accept one
> cookie with a given name in a given set of headers - check the response
> headers to see that they're all there, then you know it's the browser.
> I found the Web Developers Toolbar for Firefox very useful when doing my
> cookie code - you can view, manually add, clear session cookies, clear
> domain cookies, view which cookies will be sent to the server, view
> response headers etc.
Like um ---
curl -I -Hmyheader URI
never trust a browser -- just make you send what you mean to send.
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF
I never had a dream come true
'Til the day that I found you.
Even though I pretend that I've moved on
You'll always be my baby.
I never found the words to say
You're the one I think about each day
And I know no matter where life takes me to
A part of me will always be...
A part of me will always be with you.
Re: reset multiple cookies
Posted by Jonathan Vanasco <mo...@2xlp.com>.
Well, this might sound silly, but have you tried printing the
domains to make sure you're seeing this cookies in mod_perl ?
I saw the 'as_string' part -- are you seeing everything like that as
you should?
in the past I've had stupid errors with this steff when i had
namespace issues like @domains instead of @$domains
print STDERR "\nDomains:";
foreach ( @domains ){
print STDERR "\n\t-$_";
push @cookies, APR::Request::Cookie->new( $r->pool,
name => 'ticket',
value => '',
path => '/',
( domain => $_ ),
@expires );
}
print STDERR "\nCookies:";
foreach my $cookie ( @cookies ){
print STDERR "\n\t-$_";
$log->debug( '[logout]: ' . $cookie->as_string );
$r->err_headers_out->add( 'Set-Cookie' => $cookie-
>as_string );
}
return Apache2::Const::OK;
// Jonathan Vanasco
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
Re: reset multiple cookies
Posted by John ORourke <jo...@o-rourke.org>.
Very strange then... My best guess is the browser will only accept one
cookie with a given name in a given set of headers - check the response
headers to see that they're all there, then you know it's the browser.
I found the Web Developers Toolbar for Firefox very useful when doing my
cookie code - you can view, manually add, clear session cookies, clear
domain cookies, view which cookies will be sent to the server, view
response headers etc.
Marc Lambrichs wrote:
> That's exactly what I'm trying to do now. But, like I said, only the
> last one is changed/set.
>
> Marc
>
> John ORourke wrote:
>
>> Marc Lambrichs wrote:
>>
>>> I'm trying to reset multiple cookies. However, only the last one of
>>> the @cookies array is reset. How come?
>>>
>>> foreach ( @domains ){
>>> ( domain => $_ ),
>>> foreach my $cookie ( @cookies ){
>>> $r->err_headers_out->add( 'Set-Cookie' =>
>>> $cookie->as_string );
>>> }
>>
>>
>> This would only work if all the domains have an ending containing 2
>> dots matching the host setting it - eg. www.yoursite.com can set
>> cookies for something.yoursite.com and another.yoursite.com, but not
>> for www.microsoft.com. Imagine if your favourite warez site set a
>> cookie with domain microsoft.com...
>>
>> Of course, this rule was invented by short-sighted inhabitants of
>> .com/net/org, so when .co.uk came along it became a bit worthless but
>> nobody's ever decided to fix it.
>>
>> http://blog.javido.net/index.php?tag=cookies
>>
>> cheers
>> John
>>
>
>
Re: reset multiple cookies
Posted by John ORourke <jo...@versatilia.com>.
Marc Lambrichs wrote:
> I'm trying to reset multiple cookies. However, only the last one of
> the @cookies array is reset. How come?
>
> foreach ( @domains ){
> ( domain => $_ ),
> foreach my $cookie ( @cookies ){
> $r->err_headers_out->add( 'Set-Cookie' =>
> $cookie->as_string );
> }
This would only work if all the domains have an ending containing 2 dots
matching the host setting it - eg. www.yoursite.com can set cookies for
something.yoursite.com and another.yoursite.com, but not for
www.microsoft.com. Imagine if your favourite warez site set a cookie
with domain microsoft.com...
Of course, this rule was invented by short-sighted inhabitants of
.com/net/org, so when .co.uk came along it became a bit worthless but
nobody's ever decided to fix it.
http://blog.javido.net/index.php?tag=cookies
cheers
John