AOL Webserver - Returning a 301 status to the client

Author

Returning a 301 status to the client

Janine Sisk

2006-02-19, 8:15 am

This should be simple, but it's turning out not to be.

First I used this code, which I got from a post at openacs.org (and
the poster got it from the AOLserver docs for ns_respond):

set headers [ns_set new myheaders]
ns_set put $headers location $url
ns_respond -status $return_code -type text/plain -string Redirect -
headers $headers

This worked as far as the redirect and status code are concerned, but
cookies were no longer functioning.

I noticed that ad_set_cookie (an openacs proc) adds a key called Set-
Cookie to the "ns_conn outputheaders" set, so I tried this, hoping to
capture all possible relevant values:

set headers [ad_conn headers]
set outputheaders [ad_conn outputheaders]
set allheaders [ns_set merge $headers $outputheaders]
ns_set idelkey $allheaders location
ns_set put $allheaders location $url
ns_respond -status $return_code -type text/plain -string Redirect -
headers $allheaders

No improvement; cookies still don't work. BTW, I tried it with both
ns_conn and ad_conn but they both give the exact same output, so same
end result.

Any suggestions on what I might be doing wrong here?

I know that the best way to fix this would be to create an
ns_returnmoved function in AOLserver, but I was trying to avoid
having any of our clients using a customized version.

Thanks for any suggestions,

janine

Tom Jackson

2006-02-19, 8:15 am

Janine,

If you telnet into the page, what do you get sent back?

I'm not sure where in here you add the Set-Cookie header? Do you know that it
is in the output headers at the time you grab a copy of the set?

tom jackson

On Friday 17 February 2006 14:10, Janine Sisk wrote:
> This should be simple, but it's turning out not to be.
>
> First I used this code, which I got from a post at openacs.org (and
> the poster got it from the AOLserver docs for ns_respond):
>
> set headers [ns_set new myheaders]
> ns_set put $headers location $url
> ns_respond -status $return_code -type text/plain -string Redirect -
> headers $headers
>
> This worked as far as the redirect and status code are concerned, but
> cookies were no longer functioning.
>
> I noticed that ad_set_cookie (an openacs proc) adds a key called Set-
> Cookie to the "ns_conn outputheaders" set, so I tried this, hoping to
> capture all possible relevant values:
>
> set headers [ad_conn headers]
> set outputheaders [ad_conn outputheaders]
> set allheaders [ns_set merge $headers $outputheaders]
> ns_set idelkey $allheaders location
> ns_set put $allheaders location $url
> ns_respond -status $return_code -type text/plain -string Redirect -
> headers $allheaders
>
> No improvement; cookies still don't work. BTW, I tried it with both
> ns_conn and ad_conn but they both give the exact same output, so same
> end result.
>
> Any suggestions on what I might be doing wrong here?
>
> I know that the best way to fix this would be to create an
> ns_returnmoved function in AOLserver, but I was trying to avoid
> having any of our clients using a customized version.
>
> Thanks for any suggestions,
>
> janine
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the
> email message. You can leave the Subject: field of your email blank.

Janine Sisk

2006-02-19, 8:15 am

If I telnet in and do "GET /" I just get the HTML for the page, like
you would expect:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

and so forth. If I request the page that does the redirect I get

GET test.tcl
RedirectConnection closed by foreign host.

However if I request test.tcl in the browser I do get properly
redirected to test2.tcl. I am not very well versed in telnet
commands, so if there's something else I can do to get more info,
please let me know.

Yes, I have printed out the contents of outputheaders and the Set-
Cookie is there, but it doesn't make it through the redirect.

janine

On Feb 17, 2006, at 2:48 PM, Tom Jackson wrote:

> Janine,
>
> If you telnet into the page, what do you get sent back?
>
> I'm not sure where in here you add the Set-Cookie header? Do you
> know that it
> is in the output headers at the time you grab a copy of the set?
>
> tom jackson
>
> On Friday 17 February 2006 14:10, Janine Sisk wrote:
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the
> Subject: field of your email blank.

Tom Jackson

2006-02-19, 8:15 am

Janine,

So the command sequence I use goes like this:

$ telnet rmadilo.com 80
Trying 216.211.130.179...
Connected to rmadilo.com.
Escape character is '^]'.
GET /mypage HTTP/1.0
Host: rmadilo.com

HTTP/1.0 200 OK
Set-Cookie: SessionID = " 9A7EDDAAACCD226251DFC34240FA7A320FA7FE5C
" ; Max-Age =
911003711 ; Path=/
Set-Cookie2: SessionID = " 9A7EDDAAACCD226251DFC34240FA7A320FA7FE5C
" ; Max-Age
= 911003711 ; Path=/ ; Version = 1
Last-Modified: Mon, 09 May 2005 23:27:28 GMT
MIME-Version: 1.0
Date: Sat, 18 Feb 2006 00:24:49 GMT
Server: AOLserver/4.0.10
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
Connection: close

<a href="/files/">Files</a>

It is only necessary to use the Host: header if you use virtual hosting.

tom jackson

On Friday 17 February 2006 15:12, Janine Sisk wrote:
> If I telnet in and do "GET /" I just get the HTML for the page, like
> you would expect:
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
>
> and so forth. If I request the page that does the redirect I get
>
> GET test.tcl
> RedirectConnection closed by foreign host.
>
> However if I request test.tcl in the browser I do get properly
> redirected to test2.tcl. I am not very well versed in telnet
> commands, so if there's something else I can do to get more info,
> please let me know.
>
> Yes, I have printed out the contents of outputheaders and the Set-
> Cookie is there, but it doesn't make it through the redirect.
>
> janine
>
> On Feb 17, 2006, at 2:48 PM, Tom Jackson wrote:
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the
> email message. You can leave the Subject: field of your email blank.

Janine Sisk

2006-02-19, 8:15 am

OK, so here we go. test.tcl contains a single line, a call to
ad_returnredirect, which has been modified to use ns_respond instead
of ns_returnredirect.

GET /test.tcl HTTP/1.0

HTTP/1.0 302 Found
Set-Cookie: ad_session_id=80111002%2c0+%7b542+114022
4229
+57E9A3EA3E33AB40F47F8EA71184A3D012E347E
D%7d; Path=/; Max-Age=1200
location: http://temp.nybooks.com/test2.tcl
MIME-Version: 1.0
Date: Sat, 18 Feb 2006 00:37:09 GMT
Server: AOLserver/4.0.10
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 8
Connection: close

RedirectConnection closed by foreign host.

And if I request test2.tcl directly, I get

GET /test2.tcl HTTP/1.0

HTTP/1.0 200 OK
MIME-Version: 1.0
Content-Type: text/html
Set-Cookie: ad_session_id=80111202%2c0+%7b453+114022
4589
+962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200
Server: AOLserver/4.0

ns_conn headers - size = 0 

ad_conn headers - size = 0 

ns_conn outputheaders - size = 2 
key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453+114022
4589
+962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200 
key = Server, value = AOLserver/4.0 

ad_conn outputheaders - size = 2 
key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453+114022
4589
+962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200 
key = Server, value = AOLserver/4.0 
Connection closed by foreign host.

So Set-Cookie is there.

However, if I request test.tcl in the browser, I get redirected to
test2.tcl which prints out the output of ad/ns_conn headers and ad/
ns_conn outputheaders, where there is nary a Set-Cookie in sight.
Somehow it's getting lost along the way.

I'm perplexed.

janine

On Feb 17, 2006, at 3:45 PM, Tom Jackson wrote:

> Janine,
>
> So the command sequence I use goes like this:
>
> $ telnet rmadilo.com 80
> Trying 216.211.130.179...
> Connected to rmadilo.com.
> Escape character is '^]'.
> GET /mypage HTTP/1.0
> Host: rmadilo.com
>
> HTTP/1.0 200 OK
> Set-Cookie: SessionID =
> " 9A7EDDAAACCD226251DFC34240FA7A320FA7FE5C
" ; Max-Age =
> 911003711 ; Path=/
> Set-Cookie2: SessionID =
> " 9A7EDDAAACCD226251DFC34240FA7A320FA7FE5C
" ; Max-Age
> = 911003711 ; Path=/ ; Version = 1
> Last-Modified: Mon, 09 May 2005 23:27:28 GMT
> MIME-Version: 1.0
> Date: Sat, 18 Feb 2006 00:24:49 GMT
> Server: AOLserver/4.0.10
> Content-Type: text/html; charset=iso-8859-1
> Content-Length: 29
> Connection: close
>
> <a href="/files/">Files</a>
>
>
> It is only necessary to use the Host: header if you use virtual
> hosting.
>
> tom jackson
>
>
>
>
>
>
> On Friday 17 February 2006 15:12, Janine Sisk wrote:
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the
> Subject: field of your email blank.

Tom Jackson

2006-02-19, 8:15 am

Janine,

I would try the second request via telnet, but send the cookie value you
received on the first request. Are you sure that OACS sends the Set-Cookie
header on every request? Maybe it doesn't do it since the cookie is already
there?

tom jackson

GET /test.tcl HTTP/1.0
Host: temp.nybooks.com
Cookie:
ad_session_id=80111002%2c0+%7b542+114022
4229+57E9A3EA3E33AB40F47F8EA71184A3D012E
347ED%7d;

On Friday 17 February 2006 16:44, Janine Sisk wrote:
> OK, so here we go. test.tcl contains a single line, a call to
> ad_returnredirect, which has been modified to use ns_respond instead
> of ns_returnredirect.
>
> GET /test.tcl HTTP/1.0
>
> HTTP/1.0 302 Found
> Set-Cookie: ad_session_id=80111002%2c0+%7b542+114022
4229
> +57E9A3EA3E33AB40F47F8EA71184A3D012E347E
D%7d; Path=/; Max-Age=1200
> location: http://temp.nybooks.com/test2.tcl
> MIME-Version: 1.0
> Date: Sat, 18 Feb 2006 00:37:09 GMT
> Server: AOLserver/4.0.10
> Content-Type: text/plain; charset=iso-8859-1
> Content-Length: 8
> Connection: close
>
> RedirectConnection closed by foreign host.
>
> And if I request test2.tcl directly, I get
>
> GET /test2.tcl HTTP/1.0
>
> HTTP/1.0 200 OK
> MIME-Version: 1.0
> Content-Type: text/html
> Set-Cookie: ad_session_id=80111202%2c0+%7b453+114022
4589
> +962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200
> Server: AOLserver/4.0
>
> ns_conn headers - size = 0 
> 
> ad_conn headers - size = 0 
> 
> ns_conn outputheaders - size = 2 
> key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453+114022
4589
> +962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200 
> key = Server, value = AOLserver/4.0 
> 
> ad_conn outputheaders - size = 2 
> key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453+114022
4589
> +962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200 
> key = Server, value = AOLserver/4.0 
> Connection closed by foreign host.
>
> So Set-Cookie is there.
>
> However, if I request test.tcl in the browser, I get redirected to
> test2.tcl which prints out the output of ad/ns_conn headers and ad/
> ns_conn outputheaders, where there is nary a Set-Cookie in sight.
> Somehow it's getting lost along the way.
>
> I'm perplexed.
>
> janine
>
> On Feb 17, 2006, at 3:45 PM, Tom Jackson wrote:
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the
> email message. You can leave the Subject: field of your email blank.

Janine Sisk

2006-02-19, 8:15 am

Well no, I'm not sure that it sends the Set-Cookie header on every
request. But something about the change I made is causing OACS to
act as though the browser has cookies turned off, so I kind of zeroed
in on that. If there are other things that could cause that symptom
I should look at those too, I just didn't know what they might be.

janine

On Feb 17, 2006, at 5:24 PM, Tom Jackson wrote:

> Janine,
>
> I would try the second request via telnet, but send the cookie
> value you
> received on the first request. Are you sure that OACS sends the Set-
> Cookie
> header on every request? Maybe it doesn't do it since the cookie is
> already
> there?
>
> tom jackson
>
> GET /test.tcl HTTP/1.0
> Host: temp.nybooks.com
> Cookie:
> ad_session_id=80111002%2c0+%7b542+114022
4229
> +57E9A3EA3E33AB40F47F8EA71184A3D012E347E
D%7d;
>
>
>
>
> On Friday 17 February 2006 16:44, Janine Sisk wrote:
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the
> Subject: field of your email blank.

Tom Jackson

2006-02-19, 8:15 am

Janine,
I think I answered the wrong question. It might be the browser, or the form of
the cookie, which the browser doesn't like.
My cookie code puts the path after max-age. It also quotes the cookie value.
You do have some interesting characters in the cookie value, maybe the need
to be quoted or escaped? Of course telnet doesn't care what it sends, so you
can send the cookie along and it will not test the browser, only the server.
You might be able to look at the browser information on the page. Even if the
cookie was malformed, parts of it might be present, just to let you know if
it at least gets saved by the browser.

I discovered a bug in the Mozilla browser codebase where you could not quote
the Max-Age value or the Path value. Quoting the path caused the browser to
not recognize it needed to send the cookie. Quoting Max-Age lead to the
cookie becoming a session cookie. But it doesn't look like you have those
issues, so maybe the order of the attributes or the non-quoting of the cookie
value, or something else.

tom jackson

On Friday 17 February 2006 16:44, Janine Sisk wrote:
> OK, so here we go. test.tcl contains a single line, a call to
> ad_returnredirect, which has been modified to use ns_respond instead
> of ns_returnredirect.
>
> GET /test.tcl HTTP/1.0
>
> HTTP/1.0 302 Found
> Set-Cookie: ad_session_id=80111002%2c0+%7b542+114022
4229
> +57E9A3EA3E33AB40F47F8EA71184A3D012E347E
D%7d; Path=/; Max-Age=1200
> location: http://temp.nybooks.com/test2.tcl
> MIME-Version: 1.0
> Date: Sat, 18 Feb 2006 00:37:09 GMT
> Server: AOLserver/4.0.10
> Content-Type: text/plain; charset=iso-8859-1
> Content-Length: 8
> Connection: close
>
> RedirectConnection closed by foreign host.
>
> And if I request test2.tcl directly, I get
>
> GET /test2.tcl HTTP/1.0
>
> HTTP/1.0 200 OK
> MIME-Version: 1.0
> Content-Type: text/html
> Set-Cookie: ad_session_id=80111202%2c0+%7b453+114022
4589
> +962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200
> Server: AOLserver/4.0
>
> ns_conn headers - size = 0 
> 
> ad_conn headers - size = 0 
> 
> ns_conn outputheaders - size = 2 
> key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453+114022
4589
> +962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200 
> key = Server, value = AOLserver/4.0 
> 
> ad_conn outputheaders - size = 2 
> key = Set-Cookie, value = ad_session_id=80111202%2c0+%7b453+114022
4589
> +962CB2C08C8F3888B4A1FF91770F02814E70BB4
5%7d; Path=/; Max-Age=1200 
> key = Server, value = AOLserver/4.0 
> Connection closed by foreign host.
>
> So Set-Cookie is there.
>
> However, if I request test.tcl in the browser, I get redirected to
> test2.tcl which prints out the output of ad/ns_conn headers and ad/
> ns_conn outputheaders, where there is nary a Set-Cookie in sight.
> Somehow it's getting lost along the way.
>
> I'm perplexed.

Tom Jackson

2006-02-19, 8:15 am

Janine,

Now I'm getting confused. If the browser or the telnet sends the cookie it
just received, the outputheaders on test2.tcl don't include a set-cookie
header. So it isn't in the outputheaders I guess. I just did this:

tom@maria:/media/floppy> telnet temp.nybooks.com 80
Trying 209.162.194.75...
Connected to temp.nybooks.com.
Escape character is '^]'.
GET /test.tcl HTTP/1.0
Host: temp.nybooks.com

HTTP/1.0 302 Found
Host: temp.nybooks.com
Set-Cookie:
ad_session_id=80111104%2c0+%7b663+114022
8924+1E0DA0457345E6F9CE3F6D34E60EA76197B
8858D%7d;
Path=/; Max-Age=1200
location: http://temp.nybooks.com/test2.tcl
MIME-Version: 1.0
Date: Sat, 18 Feb 2006 01:55:24 GMT
Server: AOLserver/4.0.10
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 8
Connection: close

RedirectConnection closed by foreign host.
tom@maria:/media/floppy> telnet temp.nybooks.com 80
Trying 209.162.194.75...
Connected to temp.nybooks.com.
Escape character is '^]'.
GET /test2.tcl HTTP/1.0
Host: temp.nybooks.com
Cookie:
ad_session_id=80111104%2c0+%7b663+114022
8924+1E0DA0457345E6F9CE3F6D34E60EA76197B
8858D%7d;

HTTP/1.0 200 OK
MIME-Version: 1.0
Content-Type: text/html
Server: AOLserver/4.0

ns_conn headers - size = 2 
key = Host, value = temp.nybooks.com 
key = Cookie, value =
ad_session_id=80111104%2c0+%7b663+114022
8924+1E0DA0457345E6F9CE3F6D34E60EA76197B
8858D%7d; 

ad_conn headers - size = 2 
key = Host, value = temp.nybooks.com 
key = Cookie, value =
ad_session_id=80111104%2c0+%7b663+114022
8924+1E0DA0457345E6F9CE3F6D34E60EA76197B
8858D%7d; 

ns_conn outputheaders - size = 1 
key = Server, value = AOLserver/4.0 

ad_conn outputheaders - size = 1 
key = Server, value = AOLserver/4.0 
Connection closed by foreign host.

My browser shows the same behavior as telnet. OACS isn't filling the
outputheader with the set-cookie if the browser/client has a cookie.

tom jackson

On Friday 17 February 2006 17:35, Janine Sisk wrote:
> Well no, I'm not sure that it sends the Set-Cookie header on every
> request. But something about the change I made is causing OACS to
> act as though the browser has cookies turned off, so I kind of zeroed
> in on that. If there are other things that could cause that symptom
> I should look at those too, I just didn't know what they might be.
>
> janine
>
> On Feb 17, 2006, at 5:24 PM, Tom Jackson wrote:
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the
> email message. You can leave the Subject: field of your email blank.

Janine Sisk

2006-02-19, 8:15 am

I may have started you on the proverbial wild goose chase with this
cookie stuff, so let's start over.

There are two main differences between a page sent to the browser via
ns_returnredirect vs one sent by ns_respond. ns_returnredirect puts
together a small HTML page and sends it off to the browser with
content type text/html, using the header data that's already in the
conn data structure. ns_respond takes the set of headers passed to
it, replaces the headers in conn with the ones that are passed in,
and then sends the string off to the browser. So the two significant
differences are the handling of the headers, and that
ns_returnredirect sends a properly formed HTML page whereas my use of
ns_respond sends only the word "Redirect". My hunch is that the
former is the problem.

So could there be something about the way the -headers argument to
ns_respond is handled that is somehow garbling the data? Could Tcl
be doing something to it as it's being passed along?

janine

On Feb 17, 2006, at 6:03 PM, Tom Jackson wrote:

> Janine,
>
> Now I'm getting confused. If the browser or the telnet sends the
> cookie it
> just received, the outputheaders on test2.tcl don't include a set-
> cookie
> header. So it isn't in the outputheaders I guess. I just did this:
>
> tom@maria:/media/floppy> telnet temp.nybooks.com 80
> Trying 209.162.194.75...
> Connected to temp.nybooks.com.
> Escape character is '^]'.
> GET /test.tcl HTTP/1.0
> Host: temp.nybooks.com
>
> HTTP/1.0 302 Found
> Host: temp.nybooks.com
> Set-Cookie:
> ad_session_id=80111104%2c0+%7b663+114022
8924
> +1E0DA0457345E6F9CE3F6D34E60EA76197B8858
D%7d;
> Path=/; Max-Age=1200
> location: http://temp.nybooks.com/test2.tcl
> MIME-Version: 1.0
> Date: Sat, 18 Feb 2006 01:55:24 GMT
> Server: AOLserver/4.0.10
> Content-Type: text/plain; charset=iso-8859-1
> Content-Length: 8
> Connection: close
>
> RedirectConnection closed by foreign host.
> tom@maria:/media/floppy> telnet temp.nybooks.com 80
> Trying 209.162.194.75...
> Connected to temp.nybooks.com.
> Escape character is '^]'.
> GET /test2.tcl HTTP/1.0
> Host: temp.nybooks.com
> Cookie:
> ad_session_id=80111104%2c0+%7b663+114022
8924
> +1E0DA0457345E6F9CE3F6D34E60EA76197B8858
D%7d;
>
> HTTP/1.0 200 OK
> MIME-Version: 1.0
> Content-Type: text/html
> Server: AOLserver/4.0
>
> ns_conn headers - size = 2 
> key = Host, value = temp.nybooks.com 
> key = Cookie, value =
> ad_session_id=80111104%2c0+%7b663+114022
8924
> +1E0DA0457345E6F9CE3F6D34E60EA76197B8858
D%7d; 
> 
> ad_conn headers - size = 2 
> key = Host, value = temp.nybooks.com 
> key = Cookie, value =
> ad_session_id=80111104%2c0+%7b663+114022
8924
> +1E0DA0457345E6F9CE3F6D34E60EA76197B8858
D%7d; 
> 
> ns_conn outputheaders - size = 1 
> key = Server, value = AOLserver/4.0 
> 
> ad_conn outputheaders - size = 1 
> key = Server, value = AOLserver/4.0 
> Connection closed by foreign host.
>
> My browser shows the same behavior as telnet. OACS isn't filling the
> outputheader with the set-cookie if the browser/client has a cookie.
>
> tom jackson
>
>
> On Friday 17 February 2006 17:35, Janine Sisk wrote:
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the
> Subject: field of your email blank.

Tom Jackson

2006-02-19, 8:15 am

Janine,

But when I send the telnet request, with the Cookie: header, I get the same
thing as when I use a browser. The target page test2.tcl doesn't include the
Set-Cookie header in response.

Is this what you want to happen or not?

Here is what I think is happening:

The client sends a request with a Cookie header (not Set-Cookie), so OACS
knows who the user is. For some reason, this causes OACS to not include a
Set-Cookie header for return to the client.

I'm still not quite sure what the actual problem is that caused you to look
into this, so maybe there is another issue besides this one.

But the browser is working exactly like telnet if you include the Cookie
header with the telnet request for test2.tcl. Nothing is wrong with the way
the browser is working.

But I think that OACS should probably be updating the cookie value so that the
new expiration time will take effect. What code is deciding when to set the
header? If OACS doesn't do this update, then eventually the 1200 seconds will
expire and the browser will no longer send that cookie. At that point OACS
will issue a new cookie and probably force the user to login again. Is that
the behavior you are seeing?

tom jackson

On Friday 17 February 2006 18:30, Janine Sisk wrote:
> I may have started you on the proverbial wild goose chase with this
> cookie stuff, so let's start over.
>
> There are two main differences between a page sent to the browser via
> ns_returnredirect vs one sent by ns_respond. ns_returnredirect puts
> together a small HTML page and sends it off to the browser with
> content type text/html, using the header data that's already in the
> conn data structure. ns_respond takes the set of headers passed to
> it, replaces the headers in conn with the ones that are passed in,
> and then sends the string off to the browser. So the two significant
> differences are the handling of the headers, and that
> ns_returnredirect sends a properly formed HTML page whereas my use of
> ns_respond sends only the word "Redirect". My hunch is that the
> former is the problem.
>
> So could there be something about the way the -headers argument to
> ns_respond is handled that is somehow garbling the data? Could Tcl
> be doing something to it as it's being passed along?
>
> janine
>
> On Feb 17, 2006, at 6:03 PM, Tom Jackson wrote:
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the
> email message. You can leave the Subject: field of your email blank.

Janine Sisk

2006-02-19, 8:15 am

Tom,

The problem is that when ad_returnredirect is using ns_respond
instead of ns_returnredirect, cookies don't work. When you try to
log in, you just keep getting sent back to the login page. And if
you try to put something in your cart, you get the message about
cookies being disabled. Since the change doesn't affect the cookie's
being set in the first place, my assumption is that it's not making
it intact through the redirect.

janine

On Feb 17, 2006, at 10:24 PM, Tom Jackson wrote:

> Janine,
>
> But when I send the telnet request, with the Cookie: header, I get
> the same
> thing as when I use a browser. The target page test2.tcl doesn't
> include the
> Set-Cookie header in response.
>
> Is this what you want to happen or not?
>
> Here is what I think is happening:
>
> The client sends a request with a Cookie header (not Set-Cookie),
> so OACS
> knows who the user is. For some reason, this causes OACS to not
> include a
> Set-Cookie header for return to the client.
>
> I'm still not quite sure what the actual problem is that caused you
> to look
> into this, so maybe there is another issue besides this one.
>
> But the browser is working exactly like telnet if you include the
> Cookie
> header with the telnet request for test2.tcl. Nothing is wrong with
> the way
> the browser is working.
>
> But I think that OACS should probably be updating the cookie value
> so that the
> new expiration time will take effect. What code is deciding when to
> set the
> header? If OACS doesn't do this update, then eventually the 1200
> seconds will
> expire and the browser will no longer send that cookie. At that
> point OACS
> will issue a new cookie and probably force the user to login again.
> Is that
> the behavior you are seeing?
>
> tom jackson
>
> On Friday 17 February 2006 18:30, Janine Sisk wrote:
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the
> Subject: field of your email blank.

Tom Jackson

2006-02-19, 8:15 am

Janine,

Okay, so the problem you are seeing must be somewhere else, because when I
visit test.tcl with a firefox browser, I get redirected to test2.tcl and I
have a cookie set and it sends the cookie back to the server, which is read
by test2.tcl.

The type of cookie is a session cookie, which will expire in 1200 sec. The
only thing that looks weird to me is that I would think that OACS should send
a similar cookie which also expires in 1200 sec so that a user who is
grabbing a page ever 20 minutes stays logged in. Right now it looks like that
doesn't happen.

Maybe the redirect is to a different domain that isn't covered by the cookie?
Or the cookie is set in https as secure, but the user is redirected to http?

But I don't see the issue from what you have presented so far.

I will say that this reminds me of <http://www.washingtonpost.com/>, which for
whatever reason doesn't accept cookies from my konqurer browser. Does exactly
what you describe here. So you might at the very least test in another
browser from a separate code base than whatever you use, which you probably
have already done.

tom jackson

On Saturday 18 February 2006 00:08, Janine Sisk wrote:
> Tom,
>
> The problem is that when ad_returnredirect is using ns_respond
> instead of ns_returnredirect, cookies don't work. When you try to
> log in, you just keep getting sent back to the login page. And if
> you try to put something in your cart, you get the message about
> cookies being disabled. Since the change doesn't affect the cookie's
> being set in the first place, my assumption is that it's not making
> it intact through the redirect.

Janine Sisk

2006-02-19, 8:15 am

It has to be related to changing from ns_returnredirect to
ns_respond. Because the former works, and the latter doesn't, and
nothing else is changing. I can flip between the two and make
cookies work, or not work. There is something different about what
ns_respond does, I just don't know what it is.

janine

On Feb 18, 2006, at 8:17 AM, Tom Jackson wrote:

> Janine,
>
> Okay, so the problem you are seeing must be somewhere else, because
> when I
> visit test.tcl with a firefox browser, I get redirected to
> test2.tcl and I
> have a cookie set and it sends the cookie back to the server, which
> is read
> by test2.tcl.
>
> The type of cookie is a session cookie, which will expire in 1200
> sec. The
> only thing that looks weird to me is that I would think that OACS
> should send
> a similar cookie which also expires in 1200 sec so that a user who is
> grabbing a page ever 20 minutes stays logged in. Right now it looks
> like that
> doesn't happen.
>
> Maybe the redirect is to a different domain that isn't covered by
> the cookie?
> Or the cookie is set in https as secure, but the user is redirected
> to http?
>
> But I don't see the issue from what you have presented so far.
>
> I will say that this reminds me of <http://www.washingtonpost.com/
> whatever reason doesn't accept cookies from my konqurer browser.
> Does exactly
> what you describe here. So you might at the very least test in another
> browser from a separate code base than whatever you use, which you
> probably
> have already done.
>
> tom jackson
>
> On Saturday 18 February 2006 00:08, Janine Sisk wrote:
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the
> Subject: field of your email blank.

Tom Jackson

2006-02-19, 8:15 am

Janine,

I don't know if this is a problem or not, but you are not including the length
of the request in your ns_respond. So the Content-Length header is missing
there. Otherwise your example looks like the doc example:
<http://rmadilo.com/files/nsapi/ns_respond.html>

tom jackson

On Saturday 18 February 2006 09:51, Janine Sisk wrote:
> It has to be related to changing from ns_returnredirect to
> ns_respond. Because the former works, and the latter doesn't, and
> nothing else is changing. I can flip between the two and make
> cookies work, or not work. There is something different about what
> ns_respond does, I just don't know what it is.
>
> janine
>
> On Feb 18, 2006, at 8:17 AM, Tom Jackson wrote:
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <listserv@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the
> email message. You can leave the Subject: field of your email blank.