in reply to [OT] 302 redirect after login result cookie lost?

just let everyone know that if i set expire time to '+2h', the cookie is set correctly on IE and FF. once set back to '+1h' it stop working..
  • Comment on Re: [OT] 302 redirect after login result cookie lost?

Replies are listed 'Best First'.
Re^2: [OT] 302 redirect after login result cookie lost?
by thoglette (Scribe) on Apr 28, 2009 at 04:47 UTC
    The answer is in
    The HTTP 1.0 standard per http://www.w3.org/Protocols/rfc2109/rfc2109 in section "4.3.5 Sending Cookies in Unverifiable Transactions" says that cookies should not be set from unverifiable transactions. It states specifically that "Unverifiable transactions typically arise when a user agent automatically requests inlined or embedded entities or when it resolves redirection (3xx) responses from an origin server." So, "Set-Cookie" is not to be acted upon by browsers / user agents for 3xx redirects. Nothing in HTTP 1.1 changes this part of HTTP.
    http://www.ietf.org/rfc/rfc2965.txt doesn't really change this
    Thanks to
  • http://www.persistall.com/archive/2008/01/25/cookies--redirects--nightmares.aspx
  • http://jhottengineering.blogspot.com/2009/02/ie-post-and-redirect-errors.html

    Butlerian Jihad now!
[reply]

In Section Seekers of Perl Wisdom