Gibble has asked for the wisdom of the Perl Monks concerning the following question:

I am running Apache on a WinME machine w/Active State Perl installed. Everything works fine from my machine and some other people have tested the scripts over the net and they work fine but ... one person using Win2k has noted that it wouldn't allow him to log into the site. Authorization to my site is done by storing a cookie on there computer when they login and removing it when they logout. Existence and validity of this cookie is checked at the start of all scripts. I noticed when looking at the Apache Access.Log file that this user is talking with HTTP/1.0 while everything else is HTTP/1.1. Is this a problem with my Perl script (btw. I'm using the pm: CGI) Or is this a limitation of Apache? Or is it a setting on the users computer that causes cookies not to be stored when using 1.0? I am lost as too where to start.

Replies are listed 'Best First'.
Re: HTTP/1.0 HTTP/1.1
by Fastolfe (Vicar) on Dec 19, 2000 at 08:02 UTC
    Discrepancies between HTTP versions should have nothing at all to do with your problem. It is perfectly fine to see differing versions are you're noticing.

    It's certainly possible that the user's security or cookie settings are rejecting the cookies before they even get a chance to. Some naive users will read on one site that cookies are evil, disable them, and then forget about the whole concept a day later. It could be any number of things. I'd check to be sure everything it's enabled in their browser (security settings? "advanced" settings?), and failing that, see if you can get at the raw HTTP traffic (or at least what the script is reading from the browser and what it is sending back) and look for any anomalies.

[reply]
Re: HTTP/1.0 HTTP/1.1
by snax (Hermit) on Dec 19, 2000 at 05:00 UTC
    Here's a suggestion, not perl related.

    In the standard config setup there's a "BrowserMatch" declaration that forces 1.0 negotiations with certain MSIE browsers -- used to be just the "MSIE 4\.0b" regex that it would look for but I've seen recommendations to make this match all MSIE browsers. In any event, look for BrowserMatch directives in httpd.conf that include downgrade-1.0 and/or force-response-1.0 operations.

[reply]
Re: HTTP/1.0 HTTP/1.1
by wardk (Deacon) on Dec 19, 2000 at 19:37 UTC

    While I am unsure of the helpfulness of this comment, my former project used Netscape Enterprise 3.6/Activestate Perl using HTTPS on NT4. The site used an encrypted cookie login/session management scheme.

    This site worked great with both IE and NS. Until the user base upgraded their IE to 5.x, at which point, you could login, but not stay logged in as every POST sent you right back to login, indicating a serious issue with our cookies.

    We "solved" the issue by just forcing IE to use HTTP 1.0 in the preferences/internet options (it was defaulting to HTTP 1.1) I have no idea if this was ever resolved (the aparent bug in IE), as we just forced IE users to adjust and declared victory. At the time it only affected a few users and we did not have the resources to do anything more (like debug MS software).

    you may want to give this a try, if you haven't already...good luck!

[reply]
Re: HTTP/1.0 HTTP/1.1
by Gibble (Novice) on Dec 19, 2000 at 20:29 UTC
    We are all using IE 5.5 if this helps
[reply]

Back to Seekers of Perl Wisdom