All geek questions in one place

Htaccess from www to non-www casting a variable to session / cookie

.htacces redirects from www.example.com to example.com (same domain without www.)
A returning visitor may have a visitor_id cookie in the user-agent.
I want to pass this value across domains in a cookie or session.
I tried this, but a cookie was created for the www domain

 RewriteCond %{HTTP_HOST} ^www.example.com RewriteCond %{HTTP_COOKIE} visitor_id=([^;]+) RewriteRule .* - [C,env=foo:%1] RewriteRule ^(.*) http://example.com [L,R=301] Header set Set-Cookie "visitor_id=%{foo}e; path=/" env=foo

In addition, the environment variable works on localhost (Apache 2.4.2, Win32), but in online mode (Apache 2.2.25, linux) the value in cookie is "%{foo}e" instead of the expected number.

Also tried with mod_session_cookie , but did not find practical examples.

How to redirect across domains by bringing visitor_id in a cookie or in a session cookie?

+4
source share
2 answers

Since the environment variables %{env} do not behave sequentially in different versions of Apache, I suggest setting a cookie with RewriteRule itself using the [CO] cookie flag.

 RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] RewriteCond %{HTTP_COOKIE} visitor_id=([^;]+) [NC] RewriteRule .* $0/vid/%1 [C] # Appends the cookie value to the URL RewriteRule ^(.*)/vid/(.*)$ http://example.com/$1 [L,R=301,CO=visitor_id:$2:.example.com:14400:/]

Here is a list of the changes made to your .htaccess file:

  • RewriteCond matches are now case insensitive (using [NC] )

  • Points in %{HTTP_HOST} conditions have been escaped \. ( . matches any char otherwise)

  • The first RewriteRule adds a visitor id (captured as %1 ) to the URL (listed as $0 )

  • The last RewriteRule parses the visitor identifier from the URL (like $1 ) and performs a permanent redirect [R=301] to http://example.com along with writing a cookie named visitor_id using the [CO] flag.

The cookie rewrite flag syntax is as follows

 [CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly]

where specifying the values ​​for the name, value and domain is required. The default lifetime is 0 , which means that the cookie is only saved for the current browser session. The default path is / , secure and httponly is false .

The [CO] flag used indicates the domain as .example.com , so that the cookie is available to all hosts in the example.com domain. The lifetime is defined as 14400 , which is in minutes and therefore is 10 days.

+4
source

Cookies can be used in domains and subdomains .

If you have not set the domain cookie attribute, by default the cookie domain will be used as the fully qualified host name. Thus, custom targeting http://www.example.com receives a cookie with the domain www.example.com and after redirecting to example.com this cookie is no longer valid.

But if the cookie sent by your application on example.com or www.example.com contains:

 # Watchout there is a dot in front of the domain # required for old browsers to match subdomains domain=.example.com;

Then this cookie will be valid for both http://example.com and http://www.example.com (and in fact for any subdomain as well). The client will manage it automatically, without any difficulties in apache configuration.

Instead, the material is in the application responsible for generating cookie_host_id if this PHP application is defined by default in cookie_domain , but it can also be used in session_set_cookie_params using the function. Of course, such settings are also available for Java EE or .Net applications, in all web applications you can have some control over cookie domains.

This can be used for a simple single sign-on mechanism or for tracking visitors between sub-regions, as in your case, and this is a very reliable solution.

+1
source

Source: https://habr.com/ru/post/1496691/

More articles:


All Articles