Jump to content

HTTP_COOKIE exists under HTTPS, but not under HTTP


darlingm

Recommended Posts

I'm probably missing something simple.  I am migrating to a new server.  The old server ran Apache 2.0.46 on RHEL 3, and the new server runs Apache 2.2.3 on CentOS 5.1.  The packages related to apache that my new server has installed are: "apr - 1.2.7-11.x86_64", "apr-util - 1.2.7-6.x86_64", "httpd - 2.2.3-11.el5_1.centos.3.x86_64", "mod_ssl - 1:2.2.3-11.el5_1.centos.3.x86_64", and "php - 5.1.6-15.el5.x86_64".

 

On the new server, HTTP_COOKIE only exists when using a HTTPS connection.  HTTP_COOKIE does not exist at all when using a HTTP connection.  This occurs regardless of what computer I'm using, or what browser I'm using.

 

Any ideas on what I'm missing?  I'm positive the cookies are created and exist, I've verified that through the FireFox addon "View Cookies".  The cookies have the Domain ".www.mydomain.com" but do not specify a protocol (if they even can.)  I ran into this with some CGI applications not finding their cookies, and verified it by running a perl CGI script that prints out every environment variable.

 

Everything else is identical from the perl CGI script showing environment variables, except HTTPS of course has "HTTPS = on", the REMOTE_PORT is of course different, the SERVER_PORT of course changes from 80 to 443, and all the SSL_* variables exist.

 

I've compared my old server's http configuration files to my new server's, and can't see anything I've missed, but obviously I'm missing something somewhere.

Link to comment
Share on other sites

Meh... Nevermind, figured it out.  None of the cookies that we use are supposed to be set to secure.  The programmer who made our cookie library years ago didn't initialize the boolean variable, so it was randomly being set to true or false for secure.  Can't believe we didn't run into this earlier...

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.