Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Unable to set cookies for specific domain

by bradcathey (Prior)
on Mar 23, 2009 at 15:12 UTC ( #752625=perlquestion: print w/ replies, xml ) Need Help??
bradcathey has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monasterians,

I have a CMS that users must log into. Besides the login, there are several modules, used for various tasks, that check for the existence of the login when they are invoked.

Some users are reporting being forced to log in twice, once at the first login screen, and a second time after a requested module is invoked.

After hours of testing I finally realized that if a user does not use www. in the URI, the browser was ignoring the 1st cookie set at login, and necessitating a 2nd cookie to proceed.

So, the user enters: domainname.com/admin, but after failing, the browser fills in the address with the full URI as http://www.domainname.com and all is fine. The cookies are showing:

WebsiteValue
First login attempt:
domainname.comCGISESSID
Second login attempt:
www.domainname.comCGISESSID

The code to create the cookie was:

use CGI::Session; my $session = new CGI::Session(); my $cookie = $query->cookie( CGISESSID => $session->id, ); print $query->header(-cookie => $cookie);

So I thought I'd add the domain to the cookie params:

(my $http_host = $ENV{'HTTP_HOST'}) =~ s/(www.)?([\w\-.]+)/$2/; my $cookie = $query->cookie( CGISESSID => $session->id, -domain => ".".$http_host, ); print $query->header(-cookie => $cookie);

Still no dice. The docs for CGI::Cookie say that the dot form of the domain param, e.g., -domain => .domainname should work for any form of the domain name.

QUESTION: how do I set a proper cookie, irregardless of what the user enters as a starting URI?

Resolved: I set the <base href /> tag in the login tmpl file via $template->param(basehref => $http_post);. The cookie wrote correctly and all is well.

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Comment on Unable to set cookies for specific domain
Select or Download Code
Re: Unable to set cookies for specific domain
by ikegami (Pope) on Mar 23, 2009 at 15:26 UTC

    ".domainname" actually means "any subdomain of domainname". It doesn't include domainname. Remove the dot.

    Another solution is to make example.com(.*) redirect to www.example.com$1.

      Thanks ikegami, but setting the domain param to -domain => domainname.com replicated the failed result. I tried forcing -domain => www.domainname.com and it wouldn't even write the cookie. So, basically, no domain param seems to work, which strikes me as strange.

      And unfortunately, the redirect will not work because I'm hosting multiples sites all using the same code with relative paths and HTML::Template.

      That said, I tried a redirect in the HTML, but even that didn't work unless the URI was specifically domainname.com/admin/index.html, which also seems strange.


      Update: See my resolution in the above OP

      —Brad
      "The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://752625]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (6)
As of 2014-07-25 05:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (167 votes), past polls