Is it possible to set the same header several times for different values?
73 views
Skip to first unread message
Hitmark7
Jul 8, 2016, 4:50:05 AM7/8/16
to Haxe
Hi everyone.
I have found that the neko.Web.setHeader and php.Web.setHeader work like a "map". You can set many times the same header but only the last value will be sended. I have made my own implementation for the Set-Cookie header, but I need to "add" instead of "set" that header, because if I send two cookies I need two Set-Cookie headers.
The PHP function header has a parameter for allowing more than one header with the same key. But in the Neko case, I think a workaround is impossible since the cgi.set_header does not permit that. Definetly, neither the Haxe neko.Web.setHeader nor the php.Web.setHeader can be used for my needs. A low level function for adding any type of header without further checks would be great, but I think that does not exists due to security reasons.
I have been avoiding the Haxe x.Web.setCookie methods because I build the Set-Cookie header value string myself. Calling x.Web.setCookie only with two arguments, the "Set-Cookie" key and the completely formatted value string, works for Neko, but not for PHP. It percent-encodes the value, and hence my semicolons.
Any ideas for achieving this without reimplementing my header and cookie mechanism (sigh)?
Thanks in advance.
I have found that the neko.Web.setHeader and php.Web.setHeader work like a "map". You can set many times the same header but only the last value will be sended. I have made my own implementation for the Set-Cookie header, but I need to "add" instead of "set" that header, because if I send two cookies I need two Set-Cookie headers.
The PHP function header has a parameter for allowing more than one header with the same key. But in the Neko case, I think a workaround is impossible since the cgi.set_header does not permit that. Definetly, neither the Haxe neko.Web.setHeader nor the php.Web.setHeader can be used for my needs. A low level function for adding any type of header without further checks would be great, but I think that does not exists due to security reasons.
I have been avoiding the Haxe x.Web.setCookie methods because I build the Set-Cookie header value string myself. Calling x.Web.setCookie only with two arguments, the "Set-Cookie" key and the completely formatted value string, works for Neko, but not for PHP. It percent-encodes the value, and hence my semicolons.
Any ideas for achieving this without reimplementing my header and cookie mechanism (sigh)?
Thanks in advance.
Andreas Mokros
Jul 8, 2016, 5:38:31 AM7/8/16
to haxe...@googlegroups.com
Hi.
On Fri, 8 Jul 2016 01:50:05 -0700 (PDT)
Hitmark7 <hitm...@gmail.com> wrote:
> the "Set-Cookie" key and the completely formatted value
> string, works for Neko, but not for PHP. It percent-encodes the value, and
> hence my semicolons.
I don't know what cookie values you are sending there but the problem seems to
be that PHP's setcookie function which is used by Web.setCookie urlencodes the
value by default and Neko apparently does not.
PHP also has a setrawcookie function that does not urlencode the value. So you
might get the same behavior for PHP if you simply replace setcookie with
setrawcookie here:
https://github.com/HaxeFoundation/haxe/blob/development/std/php/Web.hx#L273
-- Mockey
On Fri, 8 Jul 2016 01:50:05 -0700 (PDT)
Hitmark7 <hitm...@gmail.com> wrote:
> the "Set-Cookie" key and the completely formatted value
> string, works for Neko, but not for PHP. It percent-encodes the value, and
> hence my semicolons.
be that PHP's setcookie function which is used by Web.setCookie urlencodes the
value by default and Neko apparently does not.
PHP also has a setrawcookie function that does not urlencode the value. So you
might get the same behavior for PHP if you simply replace setcookie with
setrawcookie here:
https://github.com/HaxeFoundation/haxe/blob/development/std/php/Web.hx#L273
-- Mockey
Hitmark7
Jul 8, 2016, 6:09:20 AM7/8/16
to Haxe
Hi Mockey.
The setrawcookie looks promising. I think I can "hack" the things a bit in order to "#if php" do not use the native php.Web.setcookie, but a custom method that uses setrawcookie. I would prefer the low level addHeader as I said before, but this will work for me by now.
Thank you very much!
The setrawcookie looks promising. I think I can "hack" the things a bit in order to "#if php" do not use the native php.Web.setcookie, but a custom method that uses setrawcookie. I would prefer the low level addHeader as I said before, but this will work for me by now.
Thank you very much!
Hitmark7
Jul 8, 2016, 7:07:25 AM7/8/16
to Haxe
It seems that setrawcookie it is not the solution. Try this PHP code:
This warning message will raise:
Warning: Cookie values cannot contain any of the following ',; \t\r\n\013\014' in /my/path/to/the/script.php on line 2
That Haxe will transform into a exception:
I don't know if shutting down the PHP warnings will get this to work, but I don't like to do so.
<?php
setrawcookie('foo', 'bar;chu');
This warning message will raise:
Warning: Cookie values cannot contain any of the following ',; \t\r\n\013\014' in /my/path/to/the/script.php on line 2
That Haxe will transform into a exception:
uncaught exception: Cookie values cannot contain any of the following ',; \t\r\n\013\014' (errno: 2) in /my/path/to/the/script.php at line #81Cookie values cannot contain any of the following ',; \t\r\n\013\014'
I don't know if shutting down the PHP warnings will get this to work, but I don't like to do so.
Andreas Mokros
Jul 8, 2016, 8:30:55 AM7/8/16
to haxe...@googlegroups.com
Hi.
On Fri, 8 Jul 2016 04:07:25 -0700 (PDT)
Hitmark7 <hitm...@gmail.com> wrote:
> setrawcookie('foo', 'bar;chu');
Why do you need a raw ";" in your cookie? Does the browser handle that
correctly at all?
And why doesn't it work when it's urlencoded?
--
Mockey
On Fri, 8 Jul 2016 04:07:25 -0700 (PDT)
Hitmark7 <hitm...@gmail.com> wrote:
> setrawcookie('foo', 'bar;chu');
correctly at all?
And why doesn't it work when it's urlencoded?
--
Mockey
Hitmark7
Jul 8, 2016, 10:50:03 AM7/8/16
to Haxe
Hi.
A Set-Cookie HTTP header looks like this:
The neko.Web.setCookie does not percent-encode the value of the cookie, and the client's browser parses all the fields correctly. But the php.Web.setCookie, that uses the PHP function setcookie, sends the header like this:
Having the entire second argument percent-encoded, the client's browser is unable to parse the Expires field, in this example. As you suggested, I tried using the PHP setrawcookie function, but it raises an exception.
I have managed to break my already formatted header value string into several arguments for the x.Web.setCookie Haxe method, which fixed the problem for Neko and PHP. So, I'm not in a hurry at the moment. However, a better solution would be appreciated. It would be great to have a low level method for header adding instead of setting.
Thanks for your time. :)
A Set-Cookie HTTP header looks like this:
The value of the header contains several name=value fields, separated by semicolons (;) . My application had that header value string formatted at some point, and afterwards it sets the header on the HTTP server using x.Web.setHeader. It worked fine until I had to use setCookie instead. Now I have to do something like this:
x.Web.setCookie("sessionToken", "abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT");The neko.Web.setCookie does not percent-encode the value of the cookie, and the client's browser parses all the fields correctly. But the php.Web.setCookie, that uses the PHP function setcookie, sends the header like this:
Set-Cookie: sessionToken=abc123%3B%20Expires%3DWed%2C%2009%20Jun%202021%2010%3A18%3A14%20GMTHaving the entire second argument percent-encoded, the client's browser is unable to parse the Expires field, in this example. As you suggested, I tried using the PHP setrawcookie function, but it raises an exception.
I have managed to break my already formatted header value string into several arguments for the x.Web.setCookie Haxe method, which fixed the problem for Neko and PHP. So, I'm not in a hurry at the moment. However, a better solution would be appreciated. It would be great to have a low level method for header adding instead of setting.
Thanks for your time. :)
Reply all
Reply to author
Forward
0 new messages