(This question is more of a reality check than anything else - I'm pretty sure this is possible, but want to be sure.)

I’m writing a proxy server that receives HTTP requests, passes them on to a remote server, and returns the remote server’s response.

I’ve run into a problem where one of the remote server responses is a 302 redirect that sets a cookie. Here’s an example:

server: nginx/0.7.65
date: Wed, 26 Jan 2011 04:42:18 GMT
connection: keep-alive
set-cookie: JSESSIONID=FFFFFFFUUUUUUUUUUU; Domain=.50.16.34.61; Path=/
location: http://50.16.34.61/client/whatever.html
content-length: "0"

When the client follows that redirect to 50.16.34.61 (a different domain than the proxy server) I notice that the cookies haven’t been set.

Am I trying to do something crazy here with the Domain part of the set-cookie directive?

Edit

Basically, I’m doing it wrong and according to http://www.ietf.org/rfc/rfc2109.txt the request-host really needs to be a superset of the Domain in the set-cookie directive.

/sad-trombone

The Domain= cookie stuff will only work if the Host: header that the browser asked for is a superset of the value used.

In your case, it seems like your proxy server is pretending to be another server, so it might make sense to intercept those Location: and Set-Cookie: header lines, among many other things, and replace the relevant bits to keep pointing at your server.

The client follows the redirect to 50.16.34.61, but was the page requested on that domain? The proxy isn't the problem here—if resource requested (which generated the 302) was on a different domain, you can't set a cookie for a different one.

The proxy certainly shouldn't be getting in the way.

Edit: hold on; is this not actually a HTTP proxy server, but rather a HTTP server that proxies?