Calling headers_out on a CGI object won't work...  You didn't say whether you're using CGI-style scripts (via ModPerl::Registry) or the mod_perl API, so I mentioned both variants.  In the latter case, you don't need CGI (nor CGI::Simple), i.e. you'd simply call headers_out on the object provided by Apache2::RequestRec.

Also see Generating HTTP Response Headers

Hello almut,

I totally applicate your time and effort in assisting me in this what I thought was a simple action.

But I must be missing something and its looking right at me but I'm perl blind.

So I have included the code I been using, please I know this is not the best approach on some things.

The code is not complete, I stopped due to not able to drop a cookie to the client browser,
after that I will check if cookie is valid and all that good stuff.

package Apache2::CookieClient;
use strict;
use CGI::Carp qw/fatalsToBrowser/;
use CGI::Cookie;
use Crypt::CBC; # Calls MD5 from inside the package
use DBI; # for SQL Server database connection
use CGI qw(:standard);
use Apache2::RequestRec (); # for $r->content_type
use Apache2::Connection (); # for $c->remote_ip
use Apache2::Const -compile => ':common';
sub handler
{
my $r = shift;
my $c = $r->connection();
my $uri = $r->uri(); #incoming URL
my $product = $r->dir_config('product'); #Var to grab product
## Cookie Vars.
my $query = new CGI();
my $your_host_name = $query->remote_host();
my $new_cookie_product;
my $retreived_cookie;
my $encryption_key = $product; #You make up this phrase
my $plaintext = $your_host_name . "::" . $product;
my $retrieved_decrypted;
my $cipher = new Crypt::CBC($encryption_key);
my $retval = 0;
my $skip_it = 0;


## When this cookie ever gets sent the browser
$retreived_cookie = cookie('<companyname>' . $product); # Grabs the cookie

## No Cookie, need to check if they have IP access
if (!$retreived_cookie) {
if ( check_ip($c->remote_ip(), $product) )
{
$new_cookie_product = new_cookie($product,$plaintext,$cipher);
### I have tried everything I have seen/read and I can't make it add a cookie to client browser
$r->headers_out->add('Set-Cookie' => $new_cookie_product);
#Send them on there marry way
return Apache2::Const::OK;
}
else # No IP matchs for that product, need to username login
{
#Send them to Login Page
return Apache2::Const::OK;
}
}


sub new_cookie {
my($product, $plaintext,$cipher) = @_;
my $ciphertext = $cipher->encrypt_hex($plaintext);
return new CGI::Cookie(
-name=>'<companyname>' . $product,
-value=>$ciphertext,
-path=>'/',
-expires=>''
);

}


sub check_ip
{
##Check IP to Product code, query request to SQL SERVER to authenicate
#returns a 0 = no access or a 1 = access granted
my ($ip, $product) = @_;
my $user;
my $conn = DBI->connect("DBI:Sybase:<servername>", "<username>", "<password>") || die DBI->errstr;
$conn->do("use <databasename>") || die DBI->errstr;
my $qry = "exec <StoredProcedure>'" . $ip . "','" . $product . "'";
my $smt = $conn->prepare($qry) || die DBI->errstr;
$smt->execute() || die DBI->errstr;
while(my $var = $smt->fetchrow_arrayref)
{
$user = $var->[0];
}

$smt = undef;
$conn->disconnect;
return $user;
}
}
1;

So is the 'Set-Cookie' header actually being sent, if you check with a tool like LiveHTTPHeaders?  In case it is, the problem lies elsewhere (e.g. cookies being disabled in the browser, etc.). Otherwise, if the problem turns out to be with your code / mod_perl / Apache (i.e. you don't see 'Set-Cookie' in the response headers), you could first try to play with a plain old CGI script (outside of mod_perl)...  in order to verify that cookies in general are working as expected.

___

BTW, any specific reason to keep not using code tags, to format your nodes properly?  :)  It's really as simple as

<c>
... your (verbatim) code here ...
</c>
[download]

It's not only easier than putting lots of <br /> as linefeeds and escaping stuff yourself, it also makes the code easier to read because indentation is being preserved.