martell has asked for the wisdom of the Perl Monks concerning the following question:

After tearing my hear out for more then 3 hours, i thought i share this little thing for novices who try to develop a website with cookies in perl. Battered monks will know this, but it isn't documented anywhere in the documentation around the apache2::cookie module

The thing is, novices start to program from a local machine. And just on this local machine, setting cookies is tricky. The browser seems not to get the cookie in some way.

I finally found the clue somewhere deep down the apache and php documentation. When you sending a cookie from a localhost the domain you should use is a blanc space aka " ". This allow the browser to accept the cookie from the local machine

Sending a cookie with apache2::cookie from a website on localhost, becomes: 

use Apache2::Cookie;

# make a cookie
Apache2::Cookie->new (
		$r,
		-name => 'my_name',
		-value => 'test',
		-path => '/',
		-domain => ' ', #this is the clue...
		-expires => '+15m',
	)->bake($r);
For using MasonX::Request::WithApacheSession, the same problem appears. You should be using something like following settings in your httpd.conf 
PerlSetVar MasonArgsMethod              mod_perl
PerlSetVar MasonRequestClass            MasonX::Request::WithApacheSession
PerlSetVar MasonSessionCookieDomain     " "
PerlSetVar MasonSessionClass            Apache::Session::File
PerlSetVar MasonSessionDirectory        /tmp/www/sessions/data
PerlSetVar MasonSessionLockDirectory    /tmp/www/sessions/locks
PerlSetVar MasonSessionUseCookie        1
I hope this helps novices like me in the futer. Any additional thoughts and remarks are appriciated
  • Comment on Sending Cookies from localhost with perl

Replies are listed 'Best First'.
Re: Sending Cookies from localhost with perl
by rowdog (Curate) on Apr 03, 2010 at 20:02 UTC

    Don't use domain? It's not required by RFC 2965 and the domain you supply is certainly not a valid one. As far as I know, localhost doesn't have a proper domain name.

    Apache2::Cookie says to see also CGI::Cookie which says

    Domain names must contain at least two periods to prevent attempts to match on top level domains like ".edu". If no domain is specified, then the browser will only return the cookie to servers on the host the cookie originated from.
    I also noticed a comment in the CGI::Cookie source which says 
    # IE requires the path and domain to be present for some reason.
$path   ||= "/";
# however, this breaks networks which use host tables without fully qu
+alified
# names, so we comment it out.
#    $domain = CGI::virtual_host()    unless defined $domain;

    [download]
    So I'm guessing that the root of your problem is an IE bug and that using a space as a domain name seems to work. Please be aware that this is a very specific kludge to a very specific problem (IE and localhost). I'm no expert on cookies but my reading of the RFC makes me think the proper value to use is .local, but I haven't tried it.

    Update: Fixed the RFC number.

[reply]
[d/l]

      I tried to use ".local" as in

      PerlSetVar MasonSessionCookieDomain ".local"

      But firefox didn't accept it. That was the thing that frustrated me most during my search. Whatever you tried "local", "", "localhost", "192.168.0.1", "127.0.0.1", ... It didn't work on my local machine. Only " " seems to work with firefox (using an ubuntu system).

      I didn't try it on a windows box or with other browsers.

      Kind regards

[reply]

        Don't use -domain. Firefox sees the space and just drops the domain altogether. If you look at the cookie details, you'll see that the domain is not set.

        Domain is used to allow cookies to be shared by more than one machine within one domain. E.G. www.example.org can set the example.org domain so media.example.org can use the same cookie. localhost doesn't have a valid domain so you'll have to settle for a host only cookie, which is what you will get from the non-standard -domain => " ".

        I wrongly guessed that you were using domain to get around the IE bug. Sorry about the windows slander ;^)

[reply]
[d/l]
Re: Sending Cookies from localhost with perl
by Anonymous Monk on Apr 02, 2010 at 23:28 UTC
    That looks like a problem specific to that mason module, definitely not localhost/perl
[reply]

Back to Seekers of Perl Wisdom