Bug 12172 - Path specification when setting a cookie with mod_rewrite
Summary: Path specification when setting a cookie with mod_rewrite
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_rewrite (show other bugs)
Version: 2.0.40
Hardware: All All
: P3 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on:
Reported: 2002-08-29 17:54 UTC by Rob Cromwell
Modified: 2004-11-16 19:05 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Rob Cromwell 2002-08-29 17:54:26 UTC
Currently, when setting a cookie using the cookie|CO RewriteRule flag there is 
no ability to specify the path of the cookie.

'cookie|CO=NAME:VAL:domain[:lifetime]' (set cocookie)

I suggest adding a second optional parameter to specify the path of the 
cookie.  By adding it as an optional parameter, there won't be any conflicts 
with existing cookie RewriteRules.

'cookie|CO=NAME:VAL:domain[:lifetime][:path]' (set cocookie)

I've modified the add_cookie function below to work with the new path field.
static void add_cookie(request_rec *r, char *s)
    char *var;
    char *val;
    char *domain;
    char *expires;
    char *path;

    char *tok_cntx;
    char *cookie;

    if (s) {
        var = apr_strtok(s, ":", &tok_cntx);
        val = apr_strtok(NULL, ":", &tok_cntx);
        domain = apr_strtok(NULL, ":", &tok_cntx);
        expires = apr_strtok(NULL, ":", &tok_cntx);
        path = apr_strtok(NULL, ":", &tok_cntx);

        if (var && val && domain) {
            /* FIX: use cached time similar to how logging does it */
            cookie = apr_pstrcat( r->pool,
                                  "; path=",
                                  (path)? path : "/",
                                  "; domain=",
                                  (expires)? "; expires=" : NULL,
                                  (expires)? ap_ht_time(r->pool,
                                                        r->request_time +
                                                        apr_time_from_sec(60 * 
                                                         "%a, %d-%b-%Y %T GMT", 
                                           : NULL,

             * XXX: should we add it to err_headers_out as well ?
             * if we do we need to be careful that only ONE gets sent out
            apr_table_add(r->headers_out, "Set-Cookie", cookie);
            rewritelog(r, 5, "setting cookie '%s' to '%s'", var, val);
Comment 1 Joshua Slive 2002-08-29 20:43:29 UTC
Not sure why I'm cc'ed here.  Remove it and note that a fix is proposed in the
Comment 2 Ian Holsman 2002-08-29 23:16:48 UTC
Thanks once again Rob.
for my sanity, can you mention the other bugs you have open on the same piece of
functionality ;-) 
save me 3 seperate commits
Comment 3 Rob Cromwell 2002-08-30 01:11:55 UTC
Works great! Sorry for the trouble :\
Comment 4 Ian Holsman 2002-08-30 03:04:00 UTC
just me bitching.. take no heed