homepage Welcome to WebmasterWorld Guest from 54.226.0.225
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
User mod header for only responses setting cookies
dfresh4130




msg:4513391
 2:09 pm on Oct 29, 2012 (gmt 0)

So we have a foreign site that's pulling in a cookie and login widget from our domestic site. Since the foreign site is .de, but our domestic site is .com it treats our login widget request as a third party cookie. To get around this we're using mod_header in apache 2.2 which works, but it's being set on every request. We'd like to find a way for it to only be set on responses that are setting cookies. Below is what we have currently. Is there any way to narrow it down? Thanks

Header set P3P 'CP="This is not a P3P policy! See our privacy statement here http://www.example.com/example/cms/lang/en/site/products/home/privacy-statement"

 

dfresh4130




msg:4513492
 7:31 pm on Oct 29, 2012 (gmt 0)

I'm thinking it's possible to create an ifModule statement like below if there's a set-cookie directive in the request. Does anyone have any suggestions on how the syntax would work for something like below?


<IfModule mod_headers>
[Some command to check if Set-Cookie is being sent]
Header set P3P 'CP="This is not a P3P policy! See our privacy statement here http://www.example.com/example/cms/lang/en/site/products/home/privacy-statement"
</IfModule>

vincevincevince




msg:4514483
 2:53 am on Nov 1, 2012 (gmt 0)

All I can think of is using mod_rewrite and a rewriterule to detect the presence of the cookie in the headers, then redirecting (internally?) to something which will set the P3P as required.

lucy24




msg:4514499
 4:46 am on Nov 1, 2012 (gmt 0)

I'm thinking it's possible to create an ifModule statement like below

There is no reason for the "ifModule" envelope. Either you've got the module or you don't. And if you don't, you'll need to make a different rule.

I keep wondering whether this counts as a third-party cookie and hence something the EU would raise a stink about. In fact it may be a problem anyway. I don't know what the ordinary browser default is, but I know that mine only accepts direct cookies ("from sites I visit"). I'm pretty sure that was the default.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved