We are splitting our website into multiple sub-domain and all of our existing cookies are tied to a single domain. I am trying to use Apache to edit the cookies to reset the domain but I am having issues with the correct way to do it.
The issue is Set-Cookie header contains multiple tupples in various order and case and may not even include a domain.
I explored using mod_rewrite because there is alot of flexibility but this appears to work on all request cookies, %{HTTP_COOKIE}, and not individual response cookies. I need to modify every cookie in the response.
I have experimented with mod_header and have a solution but I am afraid I am limited to having the tuples present and in the correct order.
Header edit Set-Cookie "^([^;]*;).*((?i)(Path|Expires)=.*)$" "$1 Domain=.domain.com; $2"
This also assume that HttpOnly and Secure are at the end if they exist. This is a safe bet since our back end does not set them and Apache appends them later.
The back end are some Java applications. While changing them might be the long term approach, I am currently limited to the Apache layer sitting in front of the Java layer.
I have tried the following but it requires domain to be present.
Header edit Set-Cookie "^(.*)((?i)(Domain)=[^,;]*[,;]?)(.*)$" "$1 Domain=.domain.com; $4"
I have tried making the domain group optional but the first group gets greedy even if the domain tupple is present. I do not care if any group gets greedy if the domain tupple does not exist. Even coding it as lazy did not help.
Header edit Set-Cookie "^(.*?)((?i)(Domain)=[^,;]*[,;]?)?(.*)$" "$1 Domain=.domain.com; $4"
Any suggestions? My regex skills are very trial and error but my gut tells me this is doable.
Thanks, Wes.
Bonus Question:
I need to support multiple domains since they change as we migrate from development to production. I can use environment variables when setting or appending header variables but not when I edit them. Any suggestions.
This works with an environment variable in the value.
Header append Access-Control-Allow-Origin "%{HTTP_ORIGIN}e" env=HTTP_ORIGIN
This does not with an environment variable in the replacement.
Header edit Set-Cookie "([^;]*;).*(Path=.*)" "$1 Domain=.%{cookieDomain}e; $2"
