Is it possible to set headers inside an Apache output filter?

Question

We're using Apache 2.4 with mod_python, which is used for an output filter that is rewriting some of the HTML output. We're currently setting cookies using document.cookie in JS, but this isn't optimal. We'd ideally like to set cookies via headers. We've tried using filter.req.headers_out['SetCookie'] and Cookie.add_cookie , but to no avail.

Is this even possible? If not, what's a better option? We're stuck with Apache 2.4 and mod_python as our only options.

---

Available Apache modules:

Loaded Modules:

• access_compat_module (shared)
• alias_module (shared)
• auth_basic_module (shared)
• authn_core_module (shared)
• authn_file_module (shared)
• authz_core_module (shared)
• authz_host_module (shared)
• autoindex_module (shared)
• cgi_module (shared)
• core_module (static)
• deflate_module (shared)
• dir_module (shared)
• env_module (shared)
• expires_module (shared)
• filter_module (shared)
• headers_module (shared)
• http_module (static)
• include_module (shared)
• log_config_module (shared)
• mime_module (shared)
• mpm_prefork_module (shared)
• negotiation_module (shared)
• php7_module (shared)
• proxy_http_module (shared)
• proxy_module (shared)
• python_module (shared)
• remoteip_module (shared)
• rewrite_module (shared)
• setenvif_module (shared)
• so_module (static)
• ssl_module (shared)
• substitute_module (shared)
• systemd_module (shared)
• unique_id_module (shared)
• unixd_module (shared)
• vhost_alias_module (shared)
• watchdog_module (shared)

How I'm currently trying to set cookies (in dev):

def add_cookie(req, name, value, domain=None, expires=None):
    """Adds a cookie
    Arguments:
        req -- the request
        name -- the cookie name
        value -- the cookie value
        domain -- (optional) the domain the cookie is applicable to
        expires -- (optional) the time in minutes the cookie is set to expire, defaults to current session
    """
    cookie = Cookie.Cookie(name, value)
    # Always set the path to the root
    cookie.path = '/'
    # Set domain if present
    if domain is not None:
        cookie.domain = domain
    # Set expires if present
    if expires is not None:
        expires = int(expires)
        cookie.expires = time.time() + (60 * expires)
    # Add a freshly-baked cookie
    Cookie.add_cookie(req, cookie)

Answer 1

I figured this out on my own. The short version is, yes you can. The reason it wasn't working for me before was the location I was setting cookies was incorrect. I moved that bit from the HTML processing area (where it didn't belong anyway) and put it directly in the outputfilter method.

I hope this helps someone.