Received: (qmail 17548 invoked by uid 501); 21 Dec 2000 21:41:37 -0000
Message-Id: <20001221214137.17547.qmail@locus.apache.org>
Date: 21 Dec 2000 21:41:37 -0000
From: Eric Chan <echan@sybase.com>
Reply-To: echan@sybase.com
To: submit@bugz.apache.org
Subject: The apache redirect machenism doesn't seem to send back a cookie set in a header (?)
X-Send-Pr-Version: 3.110

>Number:         7007
>Category:       apache-api
>Synopsis:       The apache redirect machenism doesn't seem to send back a cookie set in a header (?)
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Dec 21 13:50:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     echan@sybase.com
>Release:        1.3.9
>Organization:
apache
>Environment:
Solaris 2.6
Sun workshop 6.0
>Description:
Not sure if this is actually a bug, but I'm completely stuck and no clue
on how to proceed.
Basically I have a module that has content handler to handle a mime type
that I define.  Within the handler, I do user authentication and set a cookie
in the headers_out table to keep the session info.  Then I want to redirect
the user to a page.  The form that invokes this content handler does a post
and the plugin gets the user name and password from it.  The handler does the
following

      get post data
      authenticate user
      ap_table_set(r->headers_out,"Set-Cookie","session=...");
      ap_table_set(r->headers_out,"Location","someU_url");
      return REDIRECT;

The redirection is working fine, but the cookie is being sent back to the
browser.  Should the redirect also send back the cookie?  I know the cookie
is set correctly because if I do ap_send_http_header(r), the cookie is sent.
I also tried the following
     
      ap_table_set(r->headers_out,"Set-Cookie","session=...");
      ap_send_http_header(r);
      ap_table_set(r->headers_out,"Location","someurl");
      return REDIRECT;

This doesn't work either.  I've tried various ways, using subrequest, internal
redirect, etc. to try redirecting the user to another page and send back
the cookie at the same time.  Nothing seems to work.  Is calling
ap_send_http_header the only way to send back a cookie?  If so, how can
I do a redirect following a ap_send_http_header?
>How-To-Repeat:
write a simple module that handles a post request from a form.  Set a cookie
in the content handler, then do a redirect.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]