Set-Cookie header not honored on 304 (Not modified) status

         

DenishPatel

10:44 am on Jun 1, 2009 (gmt 0)

10+ Year Member



Hi,

I have a web-plugin that does some authentication & authorization for
the Apache WebServer.

On successful Authorization, I am setting a cookie.
The first time I access a page, I can see the Cookie in LiveHTTPHeaders (Mozilla Firefox).

However after session timeout, when I refresh the page, I am again being asked
for authentication (acceptable).
The problem: though my plugin sets the Cookie, I do not see it being returned in
LiveHTTPHeader. All I see is the "HTTP 304 Use Local Copy" being returned.

If I clear the cache, then I can again see the Cookie. I cannot disable cache
due to performance reasons.

Browsing the net I came across the following:

[mail-archives.apache.org...]

At the end of the thread comm. they seemed to agree to include a directive to modify this behaviour.
However, I do not find any documentation for this directive in Apache Docs.

Any idea what that directive is / how do I change the behaviour of the Apache Web Server so that
I am able to see the Cookie. I am using Apache 2.2.

Thanks.

jdMorgan

2:05 pm on Jun 1, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Your link does not work, so this is not clear.

What directive are you looking for?

If your plug-in is activated by a page load, then of course it won't execute if a 304-Not Modified response is returned by the server. In that case, the server does not invoke your scripts, so the plug-in won't execute, and cannot set the cookie.

Jim

DenishPatel

2:13 pm on Jun 1, 2009 (gmt 0)

10+ Year Member



Seems the word plugin has caused confusion. Should it be
module?

I have debugged the code & confirmed that the plugin/module
does get executed.

Not sure why the link is not working.

You may try this link, though it does give that much info -
[issues.apache.org...]

Thanks.

jdMorgan

2:36 pm on Jun 1, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> I have debugged the code & confirmed that the plugin/module does get executed.

Let's be specific here: Does the plugin/module get executed when a 304-Not Modified response is sent?

If not, then the 'page' must be marked as non-cacheable, unless you want to modify the Apache source code and compile a custom version to install on your server.

If so, then the module/plugin itself could check whether the HTTP-Cookie was sent by the client and if not, then re-send the page (and re-set the cookie) instead of responding with a 304-Not Modified response. (Because you said the module *does* get executed in the 304 state, I am assuming here that the plugin/module is handling the page-modified/not-modified status as well as the cookie state. And if this is true, then it can take the cookie state into account as well as the page-last-updated state, in determining whether to re-send the page or return a 304.)

Jim

[edited by: jdMorgan at 2:37 pm (utc) on June 1, 2009]

DenishPatel

3:27 pm on Jun 1, 2009 (gmt 0)

10+ Year Member



The plugin/module gets executed irrespective of whatever
request is being sent.

What it does is this:
1) Authenticate
2) Authorize
3) Set the Cookie.

This works perfectly fine the first time.
1) I access a page.
2) The plugin/module intercepts the request & gets executed
3) It will set the Cookie.

However after a timeout (say 5 minutes), I just refresh the
page:
1) The plugin/module intercepts the request & gets executed
2) It will set the Cookie

However I do not see the Cookie in the LiveHTTPHeader
(Firefox). What I see is an HTTP 304 response from the
WebServer.

Now, I clear all the cache & Cookies. Once again the same
steps are performed. Now I see the Cookie. ( with an HTTP
200).

Now I just clear Cookies so that I will be asked for
authentication (Note that I have not cleared the cache.)
Again I go through the same steps but this time I do not
see the Cookie (HTTP 304).

I hope that clears any confusion that you might have.

Thanks

jdMorgan

3:36 pm on Jun 1, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Whatever sends the 304 response must set the cookie, and must not send a 304 if the cookie is not received from the client.

If it is the plugin/module sending the 304 response, then modify the plugin/module code as I outlined above.

If it is the server, then that indicates that the plugin/module is *not* being executed, and you will have to mark the page as non-cacheable to fix this problem.

That's pretty much the limit of my knowledge on this subject, having had no first-hand experience with your plugin/module.

Jim
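
Added example (not part of the thread, and not code from Apache or from the poster's module): the rule stated in the last reply, "must not send a 304 if the cookie is not received from the client", written as a self-contained decision function. The cookie name `authsession`, the ETag comparison, and the names `struct req`, `has_cookie` and `choose_status` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the two request headers the decision depends on. */
struct req {
    const char *cookie;        /* Cookie header value, or NULL if absent */
    const char *if_none_match; /* If-None-Match value, or NULL if absent */
};

/* True when the Cookie header carries a non-empty value for `name`.
 * Presence stands in for the module's own session validation (assumption). */
static bool has_cookie(const char *hdr, const char *name)
{
    size_t n = strlen(name);
    while (hdr && *hdr) {
        while (*hdr == ' ' || *hdr == ';') hdr++;   /* start of next pair */
        if (strncmp(hdr, name, n) == 0 && hdr[n] == '=' &&
            hdr[n + 1] != '\0' && hdr[n + 1] != ';')
            return true;
        hdr = strchr(hdr, ';');
    }
    return false;
}

/* 304 only when the validator matches AND the client already sent the
 * session cookie; otherwise 200, so the page is re-sent and the cookie
 * re-set on a full response. */
int choose_status(const struct req *r, const char *etag, const char *name)
{
    bool unchanged = r->if_none_match && strcmp(r->if_none_match, etag) == 0;
    return (unchanged && has_cookie(r->cookie, name)) ? 304 : 200;
}

int main(void)
{
    const char *etag = "\"v1\"";                       /* constructed ETag */
    struct req first   = { NULL, NULL };               /* empty cache, no cookie */
    struct req cleared = { "theme=dark", "\"v1\"" };   /* cached page, cookie gone */
    struct req valid   = { "theme=dark; authsession=abc123", "\"v1\"" };
    printf("%d %d %d\n", choose_status(&first, etag, "authsession"),
           choose_status(&cleared, etag, "authsession"),
           choose_status(&valid, etag, "authsession"));
    return 0;
}
```

The `cleared` request corresponds to the case described in the thread where cookies were cleared but the cache was not.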