Reading the cookies from Server.r

Skip to first unread message

Biib DataS

Aug 18, 2015, 4:22:36 PM8/18/15
to Shiny - Web Framework for R
I am using apache basic login and setting the username in a cookie. I am want access information from that cookie from Server.r using Session object. I have printed all the variable from session$clientData and did not see any handle to access cookies. Did any one tried accessing the client side cookies from Server.r

Any help is greatly appreciated.

Thank you

Joe Cheng

Aug 19, 2015, 1:12:26 PM8/19/15
to Biib DataS, Shiny - Web Framework for R
Shiny Server currently drops cookies and all but a few HTTP headers. However, with Shiny Server Pro you can pass this data using HTTP headers with, as long as you make sure that Apache *always* either sets or clears that header for *every* request that is sent to Shiny Server.

You received this message because you are subscribed to the Google Groups "Shiny - Web Framework for R" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
For more options, visit

Davide Dal Farra

Sep 27, 2016, 12:46:23 PM9/27/16
to Shiny - Web Framework for R
My solution involves Apache, mod_headers and mod_rewrite:

My need was to read a session cookie from Shiny server, at page load so, at apache level I extracted it from the headers:

                SetEnvIf Cookie "(^|;\ *)PHPSESSID=([^;\ ]+)" phpsessid=$2

and I added it to the url query string:

                RewriteEngine on
                RewriteCond %{QUERY_STRING} ^((?!phpsessid=[0-9a-z]+).)*$
                RewriteCond %{QUERY_STRING} ^.*auth=remote.*$
                RewriteRule ^(.*)$ /$1?phpsessid=%{ENV:phpsessid} [R,L,QSA]

In this way, every time you call the url with the query parameter "auth=remote", you end up with the cookie value on the phpsessid param of the url.
This of course is acceptable if you can afford to have the value on the URL (which is visible). For session cookies this is not the best, but I think is pretty much the same you can obtain with Javascript (where in any case you have to remove the httponly flag!) but with the advantage that the value is available on the server without too many back and forward calls (and at page load time).
Reply all
Reply to author
0 new messages