4

Is it possible to delete a specific cookie via Apache if a certain page request contains a specific referrer?

I have found a similar question which is about deleting cookies in general (How to remove a cookie in Apache) but this does not use any conditions or cookie names.

My concrete use case is: Delete (or unset it's value) cookie named "country" if requested url is "/choose-language" and referrer is "www.external.domain".

Currently the following Apache modules are available:

core mod_so mod_watchdog http_core mod_log_config mod_logio     
mod_version mod_unixd mod_access_compat mod_alias mod_auth_basic 
mod_authn_core mod_authn_file mod_authz_core mod_authz_host 
mod_authz_user mod_autoindex mod_deflate mod_dir mod_env mod_expires 
mod_filter mod_headers mod_mime prefork mod_negotiation mod_php7 
mod_proxy mod_proxy_fcgi mod_remoteip mod_rewrite mod_setenvif 
mod_socache_shmcb mod_ssl mod_status
maxhb
  • 8,554
  • 9
  • 29
  • 53
  • You can't delete http cookie using mod-rewrite but you can update or override value of a cookie but I don't think this is what you are looking for. I think you should use a PHP solution as its much better easier than mod-rewrite for manipulating HTTP cookie . – Amit Verma Apr 04 '18 at 11:48
  • @starkeen Resetting the cookie value to "" would be enough in my case. Any suggestions/examples? – maxhb Apr 04 '18 at 12:13

2 Answers2

3

Something like the below should do it:

RewriteEngine On
RewriteCond %{HTTP_REFERER} "^www\.external\.domain$"
RewriteRule "/choose-language" - [E=SetCookie:1]

Header set Set-Cookie cookieName= ENV=SetCookie

Use mod_rewrite to set an environment variable, then use it with mod_headers to modify the relevant header.

This example sends a Set-Cookie header to set cookieName to an empty value. I don't know what your upstream application is doing, so this may not be the correct configuration, but using either Header unset or Header merge in place of Header set should yield the correct result. More information here.

The most important section is using the RewriteCond and RewriteRule directives to set the environment variable SetCookie. Once you have this, it should be straightforward to figure out the correct response to remove or overwrite the cookie.

arco444
  • 22,002
  • 12
  • 63
  • 67
3

Your loaded modules imply Apache 2.4 where you have access to <If> and conditional expressions on Header

<If "%{HTTP_REFERER} =~ /www.external.domain/ && %{REQUEST_URI} == '/choose-language'">
  Header add Set-Cookie country=
</If>

or

Header add Set-Cookie country= "expr=%{HTTP_REFERER} =~ /www.external.domain/ && %{REQUEST_URI} == '/choose-language'"
covener
  • 17,402
  • 2
  • 31
  • 45