Changing Cookie Domains

I use Apache as a proxy to my application web server and would like to change, on the fly, the domain name associated with a sessionid cookie.

The cookie has a .company.com domain associated with it, and I would like, using Apache mod_rewrite (or some similar module), to transparently change the domain to app.company.com. Is this possible? And if so, how would one go about it?

abu.marcose asked Feb 07 '11 15:02


2 Answers

You can only change the domain of a cookie on the client, or when it's being set on the server. Once a cookie has been set, the path and domain information for it only exists on the client. So existing cookies can't have their domain changed on the server, because that information isn't sent from the client to the server.

For example, if you have a cookie that looks like this on your local machine:

MYCOOKIE:123, domain:www.test.com, path:/

Your server will only receive:

MYCOOKIE:123 

on the server. Why aren't the path and domain sent? Because the browser keeps that information on the client, and doesn't bother sending it along, since it only sends this cookie to your server if the page is at www.test.com and at the path /.

Since it's your server, you should be able to change your code that creates new cookies. If you felt you needed to do it outside of your code for some reason, you could do so with something like the following, but you'd have to look exactly at how your cookie is being written in the header to match it exactly. The following is an untested guess at a workable solution for this, using Apache's mod_headers:

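<IfModule mod_headers.c>
  # Both arguments are quoted and the dots escaped; $3 (not $2) restores
  # the attributes that follow the domain, so the old domain is dropped.
  Header edit Set-Cookie "(.*)(domain=\.company\.com;)(.*)" "$1domain=app.company.com;$3"
</IfModule>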

You can also use mod_headers to change the cookie received from the client, like so, if need be:

<IfModule mod_headers.c>
  RequestHeader edit Cookie "OLD_COOKIE=([0-9a-zA-Z\-]*);" "NEW_COOKIE_NAME=$1;"
</IfModule>

This would only rename cookies you receive in the request.

Brad Parks answered Sep 30 '22 07:09
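
The Set-Cookie domain rewrite discussed in the answers, as an added Python example (not code from either answer, and not how Apache implements it). The function name and the sample headers are constructed; it covers the cases a fixed regex with a trailing `;` misses: mixed-case attribute names, a missing leading dot, and `Domain` as the last attribute.

```python
# Added example: rewrite the Domain attribute of a Set-Cookie header value,
# as a reverse proxy in front of the application would.

def rewrite_cookie_domain(set_cookie: str, old_domain: str, new_domain: str) -> str:
    """Return set_cookie with Domain=old_domain replaced by Domain=new_domain.

    Attribute names are case-insensitive and a leading dot on the domain is
    ignored (RFC 6265), so 'domain=.company.com' and 'Domain=company.com'
    name the same scope. All other attributes are left untouched.
    """
    old = old_domain.lstrip(".").lower()
    parts = set_cookie.split(";")
    out = [parts[0]]                      # the name=value pair is never modified
    for attr in parts[1:]:
        name, sep, value = attr.partition("=")
        if (sep and name.strip().lower() == "domain"
                and value.strip().lstrip(".").lower() == old):
            lead = attr[: len(attr) - len(attr.lstrip())]   # keep original spacing
            attr = f"{lead}{name.strip()}={new_domain}"
        out.append(attr)
    return ";".join(out)


# Constructed sample headers, as an application server might emit them.
SAMPLES = [
    "sessionid=abc123; domain=.company.com; path=/; HttpOnly",
    "sessionid=abc123; Path=/; Secure; Domain=company.com",   # Domain last, no ';'
    "sessionid=abc123; Domain=.other.com; Path=/",            # different domain
    "note=domain=.company.com; Path=/",                       # text inside the value
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(rewrite_cookie_domain(s, ".company.com", "app.company.com"))
```

Narrowing the scope from `.company.com` to `app.company.com` means the browser stops sending the session cookie to sibling subdomains.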


ProxyPassReverseCookieDomain company.com app.company.com

or interchanging domains (as you are not clearly defining which is internal/external).

ref: https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#ProxyPassReverseCookieDomain

cuter44 answered Sep 30 '22 05:09