How to change a cookie name with mod_rewrite?

StackOverflow https://stackoverflow.com/questions/23503545

  •  16-07-2023
  •  | 
  •  

Question

I'm trying to change the name of a cookie that's set by an AWS ELB, but keep its value with a rewrite condition and rewrite rule.

Here's what I've managed so far:

RewriteCond %{HTTP_COOKIE} AWSELB=(^BD.*) [NC]
RewriteRule ^(.*) - [CO=SIMELB:%1:.amazonaws.com:lifetime:-1]

Obviously the RewriteRule is incorrect, but could someone help me with the right syntax?

Was it helpful?

Solution

Ok, following the comment thread, I think there's enough info to get started. Foremost, your pattern doesn't work because of the (^BD.*) capture group, and in particular because of the ^ anchor. Instead, capture (BD[^;]+) to grab everything up to the next ; (or the end of the string if there isn't one).

To explicitly unset the previous cookie, other examples use the INVALID modifier, though I cannot find the documentation for it.

Apache mod_rewrite documentation on Cookies

RewriteCond %{HTTP_COOKIE} AWSELB=(BD[^&]+) [NC]
# Delete the old one
RewriteRule ^ - [CO=AWSELM:INVALID:.amazonaws.com:0:/:-1]
# Add the new one
# Specify your lifetime in minutes or 0 for the browser session (60 below)...
# ALso add the path
# Assumimg the -1 is for insecure cookies
RewriteRule ^ - [CO=SIMELB:%1:.amazonaws.com:60:/:-1]

For the old cookie to be successfully unset, both the domain and the path will need to exactly match those originally set by AWS. Inspect the cookies currently being set and make sure you match the domain & path.

And really, it isn't necessary to match BD... You could just as well do AWSELB=([^;]+) because it must only match up to the following semicolon anyway.

Addendum:

If the value is being lost, it may be because the the RewriteCond is only applied to the first subsequent matching RewriteRule. You can always just repeat the RewriteCond. This is ugly, unfortunately, but I tested it and found it to work correctly.

# no capture group the first time since you don't use it until later
RewriteCond %{HTTP_COOKIE} AWSELB=BD.+ [NC]
RewriteRule ^ - [CO=AWSELM:INVALID:.amazonaws.com:0:/:-1]
# This will continue to execute since the previous didn't have [L]
RewriteCond %{HTTP_COOKIE} AWSELB=(BD[^&]+) [NC]
RewriteRule ^ - [CO=SIMELB:%1:.amazonaws.com:60:/:-1]

(Note: you won't see the cookie value updated until a subsequent HTTP request; that is, if you tried to inspect it from your script right after setting it with Apache, the new value won't be present because the cookie header has to make a round trip back to the client)

OTHER TIPS

Instead of trying to rewrite the cookie name, I tested with mod_header directives and seem to have addressed my issue with Amazon's ELB cookie breaking session affinity with another Amazon ELB. 

RequestHeader edit Cookie AWSELB SIMELB
RequestHeader edit Cookie APPELB AWSELB
Header always edit Set-Cookie AWSELB APPELB
Header edit Set-Cookie AWSELB APPELB

This so far seems to work, relying on the browser to maintain the memory for me because after the retrieving the value of the first AWSELB on request, when I get the set-Cookie response back from the second AWSELB, the browser sees APPELB={value} and recalls the correct request cookie obtained from the first AWSELB.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top