10 May 00:33
Re: Forcing clients to enable cookies?
From: Brian Rectanus <Brian.Rectanus <at> breach.com>
Subject: Re: Forcing clients to enable cookies?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-09 22:33:40 GMT
Subject: Re: Forcing clients to enable cookies?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-09 22:33:40 GMT
Stefan Müller-Wilken wrote: > Hi there, Brian, > thanks for your help! I was so locked in on the idea of using > mod_security that I've spent the afternoon hunting down the > setsid+response-modification trail but this looks _by_far more elegant. > Reminds me of what they say about tools: "if you've got a hammer > everything looks like a nail!" > > Anyways, no need to worry, I don't get confused too easilyBut then > again, there indeed _IS_ one thing that confuses me a bit: in your code > snippet you nowhere actually set the cookie, right? Something along the > lines of ... > > # Set environment variable and same time set a probing cookie > RewriteRule ^/your/entry/page - [E=checkcookie:1, > CO=cookieprobe:yes:mydomain.com:1:/] > > ... would do the trick, no? Ah, yes, that would help ;) -B -- -- Brian Rectanus Breach Security ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
RSS Feed