HTTP_COOKIE exists under HTTPS, but not under HTTP

[darlingm]

I'm probably missing something simple.  I am migrating to a new server.  The old server ran Apache 2.0.46 on RHEL 3, and the new server runs Apache 2.2.3 on CentOS 5.1.  The packages related to apache that my new server has installed are: "apr - 1.2.7-11.x86_64", "apr-util - 1.2.7-6.x86_64", "httpd - 2.2.3-11.el5_1.centos.3.x86_64", "mod_ssl - 1:2.2.3-11.el5_1.centos.3.x86_64", and "php - 5.1.6-15.el5.x86_64".

 

On the new server, HTTP_COOKIE only exists when using a HTTPS connection.  HTTP_COOKIE does not exist at all when using a HTTP connection.  This occurs regardless of what computer I'm using, or what browser I'm using.

 

Any ideas on what I'm missing?  I'm positive the cookies are created and exist, I've verified that through the FireFox addon "View Cookies".  The cookies have the Domain ".www.mydomain.com" but do not specify a protocol (if they even can.)  I ran into this with some CGI applications not finding their cookies, and verified it by running a perl CGI script that prints out every environment variable.

 

Everything else is identical from the perl CGI script showing environment variables, except HTTPS of course has "HTTPS = on", the REMOTE_PORT is of course different, the SERVER_PORT of course changes from 80 to 443, and all the SSL_* variables exist.

 

I've compared my old server's http configuration files to my new server's, and can't see anything I've missed, but obviously I'm missing something somewhere.

[darlingm]

Meh... Nevermind, figured it out.  None of the cookies that we use are supposed to be set to secure.  The programmer who made our cookie library years ago didn't initialize the boolean variable, so it was randomly being set to true or false for secure.  Can't believe we didn't run into this earlier...