Welcome to WebmasterWorld Guest from 54.166.114.43

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Append cookie value to redirect

possible to add cookie value using apache redirect?

   
4:39 pm on Sep 17, 2009 (gmt 0)

10+ Year Member



Hi everyone,

I've got a redirect to a login page on a different domain, and I'd like to pass the value of the cookie "MyCookie" held on the originating domain, i.e. something like:

Redirect 301 /pagethatredirects.htm [otherdomain.com...]

I can't find any reference to this on the web - perhaps because it is not possible?

Thanks for any help :-)

6:10 pm on Sep 17, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You can't do it with mod_alias (Redirect 301), but you can do it with mod_rewrite.

Use a RewriteCond to examine %{HTTP_COOKIE}, extract the data that needs to be passed, and then back-reference that subpattern in the query string of the RewriteRule's substitution URL using %1, %2, etc. as needed.

Make sure you're not 'exposing' any data to the other server (and all network nodes in-between) that might be considered 'private.' If you do, then this needs to be detailed in your privacy policy pages (both html and xml), and in your compact privacy policy headers. If you do business in the E.U., be very careful, as their laws are quite strict.

I'm giving this detailed heads-up because normally cookie data is available *only* to the domain that sets the cookie. And in this case, you may be essentially short-circuiting users' control over their cookie data. A court summons from Amsterdam or Brussels can be expensive -- even if just considering the air-fare and time lost...

Jim

9:26 pm on Sep 17, 2009 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Also be aware that someone arriving at the second site, saying they had a valid cookie value from the other site may not have actually have one.

In other words this could be quite easy to fake - unless you take extra steps to ensure that the other site really did issue the value you are given.

8:44 am on Sep 18, 2009 (gmt 0)

10+ Year Member



Hmm, no worries about exposing data, but it does seem a little fraught with pitfalls. I'll give it a whirl and see how I go. Thanks for your replies guys :-)
 

Featured Threads

Hot Threads This Week

Hot Threads This Month