Re: SSI and *reading* a cookie only

I already know that you cannot set a cookie with an SSI script and I think I understand why - the set cookie command has to go before the headers and the SSI content is generated by the server and put below those headers.

No, that's not it. It's that the headers (including MIME type) don't matter. Try setting your MIME type to "image/jpeg", for example. The server doesn't care: it just inserts the contents of STDOUT into the middle of your output stream.

I'm guessing here, but I don't think the "Cookie:" header will be passed to the subrequest, since it's a separate request. In that case, you won't get any $ENV{HTTP_COOKIE} variable either, which fits the symptoms you describe.

SSI is fairly limited. You should probably be using a full CGI script to generate your entire page, or perhaps a templating system of some kind.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Comment on Re: SSI and reading a cookie only

Replies are listed 'Best First'.
Re^2: SSI and reading a cookie only by jfrm (Monk) on Jun 20, 2005 at 12:11 UTC
Dear Merlyn, Thanks for replying. I now have a solution to this question (well more correctly, I've understood why my question was a dud) which I will post in a sec. Regarding, the setting of a cookie, I puzzled over your paragraph for a few minutes, trying to understand what you were saying. In the end I decided that we were both saying the same thing but neither of us said it very well, me in particular. I don't understand why you bring MIME into this but that is probably my ignorance. But I wanted to fix what I said so that I don't mislead monks searching on this subject in the future. I think that you cannot set a cookie with an SSI script because the set-cookie command goes into the CGI header before the html starts. Since that's the only place the server looks for the set-cookie command, it is not going to find it in the output of the SSI which is embedded into the HTML.	[reply]
Re^3: SSI and reading a cookie only by merlyn (Sage) on Jun 20, 2005 at 13:06 UTC
No, you can't set a cookie in an SSI because the SSI headers are ignored (including your set-cookie header). I think I said this. You can put "scooby-doo: where are you?" in an SSI header, and you won't see it in your output. SSI headers are ignored. And my point about MIME type is that that's a typical header (in fact, mandatory). It has nothing at all to do with the timing of invoking the SSI. In fact, the SSI could be (and typically is) complete before the first byte has been sent to the browser. It's just that by decree, SSI headers don't matter (except a redirect, and maybe some other status values). -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]