homepage Welcome to WebmasterWorld Guest from 54.204.182.118
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
User mod header for only responses setting cookies
dfresh4130

5+ Year Member



 
Msg#: 4513389 posted 2:09 pm on Oct 29, 2012 (gmt 0)

So we have a foreign site that's pulling in a cookie and login widget from our domestic site. Since the foreign site is .de, but our domestic site is .com it treats our login widget request as a third party cookie. To get around this we're using mod_header in apache 2.2 which works, but it's being set on every request. We'd like to find a way for it to only be set on responses that are setting cookies. Below is what we have currently. Is there any way to narrow it down? Thanks

Header set P3P 'CP="This is not a P3P policy! See our privacy statement here http://www.example.com/example/cms/lang/en/site/products/home/privacy-statement"

 

dfresh4130

5+ Year Member



 
Msg#: 4513389 posted 7:31 pm on Oct 29, 2012 (gmt 0)

I'm thinking it's possible to create an ifModule statement like below if there's a set-cookie directive in the request. Does anyone have any suggestions on how the syntax would work for something like below?


<IfModule mod_headers>
[Some command to check if Set-Cookie is being sent]
Header set P3P 'CP="This is not a P3P policy! See our privacy statement here http://www.example.com/example/cms/lang/en/site/products/home/privacy-statement"
</IfModule>

vincevincevince

WebmasterWorld Senior Member vincevincevince us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4513389 posted 2:53 am on Nov 1, 2012 (gmt 0)

All I can think of is using mod_rewrite and a rewriterule to detect the presence of the cookie in the headers, then redirecting (internally?) to something which will set the P3P as required.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4513389 posted 4:46 am on Nov 1, 2012 (gmt 0)

I'm thinking it's possible to create an ifModule statement like below

There is no reason for the "ifModule" envelope. Either you've got the module or you don't. And if you don't, you'll need to make a different rule.

I keep wondering whether this counts as a third-party cookie and hence something the EU would raise a stink about. In fact it may be a problem anyway. I don't know what the ordinary browser default is, but I know that mine only accepts direct cookies ("from sites I visit"). I'm pretty sure that was the default.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved