Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?

Unable to set cookies for specific domain

by bradcathey (Prior)
on Mar 23, 2009 at 15:12 UTC ( #752625=perlquestion: print w/replies, xml ) Need Help??
bradcathey has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monasterians,

I have a CMS that users must log into. Besides the login, there are several modules, used for various tasks, that check for the existence of the login when they are invoked.

Some users are reporting being forced to log in twice, once at the first login screen, and a second time after a requested module is invoked.

After hours of testing I finally realized that if a user does not use www. in the URI, the browser was ignoring the 1st cookie set at login, and necessitating a 2nd cookie to proceed.

So, the user enters:, but after failing, the browser fills in the address with the full URI as and all is fine. The cookies are showing:

First login attempt:
Second login attempt:

The code to create the cookie was:

use CGI::Session; my $session = new CGI::Session(); my $cookie = $query->cookie( CGISESSID => $session->id, ); print $query->header(-cookie => $cookie);

So I thought I'd add the domain to the cookie params:

(my $http_host = $ENV{'HTTP_HOST'}) =~ s/(www.)?([\w\-.]+)/$2/; my $cookie = $query->cookie( CGISESSID => $session->id, -domain => ".".$http_host, ); print $query->header(-cookie => $cookie);

Still no dice. The docs for CGI::Cookie say that the dot form of the domain param, e.g., -domain => .domainname should work for any form of the domain name.

QUESTION: how do I set a proper cookie, irregardless of what the user enters as a starting URI?

Resolved: I set the <base href /> tag in the login tmpl file via $template->param(basehref => $http_post);. The cookie wrote correctly and all is well.

"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Replies are listed 'Best First'.
Re: Unable to set cookies for specific domain
by ikegami (Pope) on Mar 23, 2009 at 15:26 UTC

    ".domainname" actually means "any subdomain of domainname". It doesn't include domainname. Remove the dot.

    Another solution is to make*) redirect to$1.

      Thanks ikegami, but setting the domain param to -domain => replicated the failed result. I tried forcing -domain => and it wouldn't even write the cookie. So, basically, no domain param seems to work, which strikes me as strange.

      And unfortunately, the redirect will not work because I'm hosting multiples sites all using the same code with relative paths and HTML::Template.

      That said, I tried a redirect in the HTML, but even that didn't work unless the URI was specifically, which also seems strange.

      Update: See my resolution in the above OP

      "The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://752625]
Approved by Corion
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (8)
As of 2017-05-26 22:53 GMT
Find Nodes?
    Voting Booth?