Unable to set cookies for specific domain

bradcathey has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monasterians,

I have a CMS that users must log into. Besides the login, there are several modules, used for various tasks, that check for the existence of the login when they are invoked.

Some users are reporting being forced to log in twice, once at the first login screen, and a second time after a requested module is invoked.

After hours of testing I finally realized that if a user does not use www. in the URI, the browser was ignoring the 1st cookie set at login, and necessitating a 2nd cookie to proceed.

So, the user enters: domainname.com/admin, but after failing, the browser fills in the address with the full URI as http://www.domainname.com and all is fine. The cookies are showing:

Website	Value
First login attempt:
domainname.com	CGISESSID
Second login attempt:
www.domainname.com	CGISESSID

The code to create the cookie was:

use CGI::Session;
my $session = new CGI::Session();

my $cookie = $query->cookie(  
                            CGISESSID => $session->id,
                           );
print $query->header(-cookie => $cookie);
[download]

So I thought I'd add the domain to the cookie params:

(my $http_host  = $ENV{'HTTP_HOST'}) =~ s/(www.)?([\w\-.]+)/$2/;

my $cookie = $query->cookie(  
                            CGISESSID => $session->id,
                            -domain  =>  ".".$http_host,
                           );
print $query->header(-cookie => $cookie);
[download]

Still no dice. The docs for CGI::Cookie say that the dot form of the domain param, e.g., -domain => .domainname should work for any form of the domain name.

QUESTION: how do I set a proper cookie, irregardless of what the user enters as a starting URI?

Resolved: I set the <base href /> tag in the login tmpl file via $template->param(basehref => $http_post);. The cookie wrote correctly and all is well.

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Comment on Unable to set cookies for specific domain Select or Download Code

Replies are listed 'Best First'.
Re: Unable to set cookies for specific domain by ikegami (Patriarch) on Mar 23, 2009 at 15:26 UTC
"`.domainname`" actually means "any subdomain of `domainname`". It doesn't include `domainname`. Remove the dot. Another solution is to make `example.com(.*)` redirect to `www.example.com$1`.	[reply] [d/l] [select]
Re^2: Unable to set cookies for specific domain by bradcathey (Prior) on Mar 23, 2009 at 16:24 UTC
Thanks ikegami, but setting the domain param to `-domain => domainname.com` replicated the failed result. I tried forcing `-domain => www.domainname.com` and it wouldn't even write the cookie. So, basically, no domain param seems to work, which strikes me as strange. And unfortunately, the redirect will not work because I'm hosting multiples sites all using the same code with relative paths and HTML::Template. That said, I tried a redirect in the HTML, but even that didn't work unless the URI was specifically `domainname.com/admin/index.html`, which also seems strange. Update: See my resolution in the above OP —Brad "The important work of moving the world forward does not wait to be done by perfect men." George Eliot	[reply] [d/l] [select]


Perl Monk, Perl Meditation
	PerlMonks