Alright, I've pulled my hair out long enough on this one, and I just can't figure out why it's not working.

We're using a tool to inject a header variable (it happens to be Oracle Access Manager, but that shouldn't matter). We're trying to convert that variable into a cookie with a special format (because, surprise, surprise, OAM doesn't do it right) using rewrite rules so that it can be used by back end application servers. If we could change all the apps on those app servers *right now* to use a format that OAM can provide, no biggie - but we can't.

We were using mod_proxy's ProxyPass, but it seems that runs prior to the mod_rewrite/mod_headers stuff that we are using to get the cookie built... So we converted to a proxy via RewriteRule. And it's still not working. The cookie variable that shows up at the appserver is set to "Passport=&userid&" (without the USERNAMEVAR). A CGI on the Apache spits out the proper variable, but it only gets a part of the variable back to the back end app server.

Here's the config:

RewriteCond %{HTTP:USERNAMEVAR} (.*)
RewriteRule .* - [E=env_passport:%1]
RequestHeader append Cookie "; Passport=&userid&%{env_passport}e"
RewriteRule ^/someapp/(.*) http://server.example.com:8080/someapp/$1 [P]

Anyone got any ideas on where we're going wrong? I know it's convoluted, what with mod_proxy/mod_rewrite/mod_headers... But any help is greatly appreciated!