Welcome to WebmasterWorld Guest from 23.22.182.29

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Append cookie value to redirect

possible to add cookie value using apache redirect?

     
4:39 pm on Sep 17, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:May 13, 2003
posts: 151
votes: 0


Hi everyone,

I've got a redirect to a login page on a different domain, and I'd like to pass the value of the cookie "MyCookie" held on the originating domain, i.e. something like:

Redirect 301 /pagethatredirects.htm [otherdomain.com...]

I can't find any reference to this on the web - perhaps because it is not possible?

Thanks for any help :-)

6:10 pm on Sept 17, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


You can't do it with mod_alias (Redirect 301), but you can do it with mod_rewrite.

Use a RewriteCond to examine %{HTTP_COOKIE}, extract the data that needs to be passed, and then back-reference that subpattern in the query string of the RewriteRule's substitution URL using %1, %2, etc. as needed.

Make sure you're not 'exposing' any data to the other server (and all network nodes in-between) that might be considered 'private.' If you do, then this needs to be detailed in your privacy policy pages (both html and xml), and in your compact privacy policy headers. If you do business in the E.U., be very careful, as their laws are quite strict.

I'm giving this detailed heads-up because normally cookie data is available *only* to the domain that sets the cookie. And in this case, you may be essentially short-circuiting users' control over their cookie data. A court summons from Amsterdam or Brussels can be expensive -- even if just considering the air-fare and time lost...

Jim

9:26 pm on Sept 17, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Also be aware that someone arriving at the second site, saying they had a valid cookie value from the other site may not have actually have one.

In other words this could be quite easy to fake - unless you take extra steps to ensure that the other site really did issue the value you are given.

8:44 am on Sept 18, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:May 13, 2003
posts:151
votes: 0


Hmm, no worries about exposing data, but it does seem a little fraught with pitfalls. I'll give it a whirl and see how I go. Thanks for your replies guys :-)