cookie question

E

Eric

I'm playing around with cookies mostly as a learning experience.
I cant seem to get an html page to set a cookie. I'm a bit confused
about headers , which to send first etc.
Here's my strategy
....
<body>
<!--#exec-cgi="/cgi-bin/setcookie.cgi" -->
</body>

The cgi just writes
"Set-Cookie: hello=its_me" to stdout
My question is:
is this correct?

int main(void) {
printf("Set-Cookie: hello=its_me\n");
printf("Content-type: text/html\n\n");
return 0;
}

Because i dont see a cookie show up on disk on the client side.
And there are no errors in my apache 2.2 logs (linux based system)
And also, my client is IE6 on windows and its not blocking cookies.
I watch the cookies dir under Documents and settings and the cookie
never shows up, although i can see cookies arrive from other places
like google.
Can someone straighten me out here?
Thanks
Eric
 
R

Rob McAninch

Eric>:
I'm playing around with cookies mostly as a learning experience.
<body>
<!--#exec-cgi="/cgi-bin/setcookie.cgi" -->
</body>

The cgi just writes
"Set-Cookie: hello=its_me" to stdout
My question is:
is this correct?

Not as an SSI. At the point the cgi is executed the content-type
header has already been sent to the browser, too late for the
set-cookie header. You could still use JavaScript at this point
though (of course JS is now required to be enabled on the client
browser).

If you're entire page is created in CGI then just send out the
cookie header before the content-type.
 
J

Jim Hayter

Eric said:
I'm playing around with cookies mostly as a learning experience.
I cant seem to get an html page to set a cookie. I'm a bit confused
about headers , which to send first etc.
Here's my strategy
....
<body>
<!--#exec-cgi="/cgi-bin/setcookie.cgi" -->
</body>

The cgi just writes
"Set-Cookie: hello=its_me" to stdout
My question is:
is this correct?

int main(void) {
printf("Set-Cookie: hello=its_me\n");
printf("Content-type: text/html\n\n");
return 0;
}

Because i dont see a cookie show up on disk on the client side.
And there are no errors in my apache 2.2 logs (linux based system)
And also, my client is IE6 on windows and its not blocking cookies.
I watch the cookies dir under Documents and settings and the cookie
never shows up, although i can see cookies arrive from other places
like google.
Can someone straighten me out here?
Thanks
Eric

Just a thought. If you don't provide an expiration date, you may be
setting a session cookie. Session cookies don't get written to disk,
they are kept in memory so they go away at the end of the session.

HTH,
Jim
 
E

Eric

Rob said:
Eric>:


Not as an SSI. At the point the cgi is executed the content-type
header has already been sent to the browser, too late for the
set-cookie header. You could still use JavaScript at this point
though (of course JS is now required to be enabled on the client
browser).

If you're entire page is created in CGI then just send out the
cookie header before the content-type.
Is there another way to do this with cgi?
Eric
 
E

Eric

Jim said:
Just a thought. If you don't provide an expiration date, you may be
setting a session cookie. Session cookies don't get written to disk,
they are kept in memory so they go away at the end of the session.

HTH,
Jim
Good point, i have tried adding the various data to it, expires= or
Max-Age= etc and it didnt seem to help. But as is pointed out I'm
doing it too late on the page to have it succeed so i think thats
my main problem here
Thanks
Eric
 
E

Eric

Rob said:
Eric>:


Not as an SSI. At the point the cgi is executed the content-type
header has already been sent to the browser, too late for the
set-cookie header. You could still use JavaScript at this point
though (of course JS is now required to be enabled on the client
browser).


If you're entire page is created in CGI then just send out the
cookie header before the content-type.
How is that done? I mean i can see how a cgi can send out the entire page
but how do you create the originating page in such a way that the cgi
executes before sending out headers? (Seems like a chicken and egg thing)
Eric
 
T

Toby Inkster

Eric said:
how do you create the originating page in such a way that the cgi
executes before sending out headers?

CGI *always* executes before sending out headers. SSI always executes
*after* sending out headers. Don't use SSI. Use CGI.

= ~/public_html/cgi-bin/test.cgi ==============================
#!/usr/bin/perl

print "Set-Cookie: hello=its_me\n";

print <<CHUNK1;
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<title>Cookie</title>
<p>The cookie has been set to 'hello=its_me'!</p>
CHUNK1

$_ = $ENV{'COOKIES'};
print "<p>It used to be '$_'.</p>\n"
unless (length==0);
===============================================================

Then visit:

http://yoursite.example.com/cgi-bin/test.cgi
 
E

Eric

Toby said:
CGI *always* executes before sending out headers. SSI always executes
*after* sending out headers. Don't use SSI. Use CGI.

= ~/public_html/cgi-bin/test.cgi ==============================
#!/usr/bin/perl

print "Set-Cookie: hello=its_me\n";

print <<CHUNK1;
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<title>Cookie</title>
<p>The cookie has been set to 'hello=its_me'!</p>
CHUNK1

$_ = $ENV{'COOKIES'};
print "<p>It used to be '$_'.</p>\n"
unless (length==0);
===============================================================

Then visit:

http://yoursite.example.com/cgi-bin/test.cgi

Can you show me the html source that calls this cgi?

Thanks
Eric
 
M

Mark Parnell

Deciding to do something for the good of humanity, Eric
Ah, but that requires someone to click on it.

Or they could type the address in the address bar, etc. Same as getting
to any other page on this Interweb thingy.
I need to have this cgi run
when the page loads.

You misunderstood Toby. The cgi *is* the page. The entire page is
generated by the cgi script. So the address of the page is the address
of the cgi.
If i do <body onload="cgi-bin/my.cgi"> will that
satisfy the header requirement timing?

No - the headers are sent by the server before the content of the page.
If this is in the site's idex.html
file will it set a cookie on any client that comes to the site?

I highly doubt a cgi would run client-side at all, but even if it did it
would fail for anyone with client-side scripting disabled/unavailable.
 
E

Eric

Mark said:
Deciding to do something for the good of humanity, Eric


Or they could type the address in the address bar, etc. Same as getting
to any other page on this Interweb thingy.


You misunderstood Toby. The cgi *is* the page. The entire page is
generated by the cgi script. So the address of the page is the address
of the cgi.
This is what i dont get. Your telling me to generate the index.html page
using cgi? but the cgi cant run till its in a page and then your too late
the headers are long gone. or if i use a cgi to generate index.html then
what page causes execution of the cgi in the first place? thats what i
meant by chicken and the egg thing.
I think what this is boiling down to is that you cant set a cookie from
cgi. Am i right? I'm suspecting that the only way to do it is from some
javascript in a page
This cant be this complicated, people are setting cookies by the billions.
You should be able to do it from anywhere on a page it seems. ie, put a
form/button on a page, user clicks the button -gets a cookie set
or
user clicks a link, goes to new page, gets a cookie set by new page.
Eric
 
M

Mark Parnell

Deciding to do something for the good of humanity, Eric
This is what i dont get. Your telling me to generate the index.html page
using cgi?
Yes.

but the cgi cant run till its in a page

Why not? Just call it directly.
or if i use a cgi to generate index.html then
what page causes execution of the cgi in the first place?

When you visit that address. *Instead* of going to index.html, you go to
e.g. index.cgi. It works the same as any other server-side language.
E.g. my site uses PHP - the main page is called index.php instead of
index.html. The end user only sees the resulting HTML, but the HTML
(along with any headers, cookies, etc.) is generated by PHP.
 
E

Eric

Mark said:
Deciding to do something for the good of humanity, Eric


Why not? Just call it directly.


When you visit that address. *Instead* of going to index.html, you go to
e.g. index.cgi. It works the same as any other server-side language.
E.g. my site uses PHP - the main page is called index.php instead of
index.html. The end user only sees the resulting HTML, but the HTML
(along with any headers, cookies, etc.) is generated by PHP.
oh, ok, now i see what you mean. I'll write an index.cgi, make it the
default page in httpd.conf and let it set the cookie then it will also echo
out my original index.html
Thanks
Eric
 
M

Mark Parnell

Deciding to do something for the good of humanity, Eric
oh, ok, now i see what you mean. I'll write an index.cgi, make it the
default page in httpd.conf and let it set the cookie then it will also echo
out my original index.html
Exactly.

Thanks

You're welcome.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top