homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Append cookie value to redirect
possible to add cookie value using apache redirect?

 4:39 pm on Sep 17, 2009 (gmt 0)

Hi everyone,

I've got a redirect to a login page on a different domain, and I'd like to pass the value of the cookie "MyCookie" held on the originating domain, i.e. something like:

Redirect 301 /pagethatredirects.htm [otherdomain.com...]

I can't find any reference to this on the web - perhaps because it is not possible?

Thanks for any help :-)



 6:10 pm on Sep 17, 2009 (gmt 0)

You can't do it with mod_alias (Redirect 301), but you can do it with mod_rewrite.

Use a RewriteCond to examine %{HTTP_COOKIE}, extract the data that needs to be passed, and then back-reference that subpattern in the query string of the RewriteRule's substitution URL using %1, %2, etc. as needed.

Make sure you're not 'exposing' any data to the other server (and all network nodes in-between) that might be considered 'private.' If you do, then this needs to be detailed in your privacy policy pages (both html and xml), and in your compact privacy policy headers. If you do business in the E.U., be very careful, as their laws are quite strict.

I'm giving this detailed heads-up because normally cookie data is available *only* to the domain that sets the cookie. And in this case, you may be essentially short-circuiting users' control over their cookie data. A court summons from Amsterdam or Brussels can be expensive -- even if just considering the air-fare and time lost...



 9:26 pm on Sep 17, 2009 (gmt 0)

Also be aware that someone arriving at the second site, saying they had a valid cookie value from the other site may not have actually have one.

In other words this could be quite easy to fake - unless you take extra steps to ensure that the other site really did issue the value you are given.


 8:44 am on Sep 18, 2009 (gmt 0)

Hmm, no worries about exposing data, but it does seem a little fraught with pitfalls. I'll give it a whirl and see how I go. Thanks for your replies guys :-)

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved