I have a service (in PHP):

  • A User browser accesses a Private URL at the Service
  • The Service decodes the Private URL and fetches the page from a Client Server (cURL)
  • The Service modifies the page from the Server according to the Private URL info in a database
    • Response headers (content length, set-cookie[server-domain])
    • Adds a <base> tag for relative hrefs
    • Adds JavaScript to set form fields to initial values
  • The Service forwards the modified page to the User browser (and is done with any further interaction), as the form action attribute points at the Client Server.

Question: the set-cookie headers do not seem to work, maybe just a debugging issue, BUT is this a good way to do this? If not, how better?

And it is because a sales guy sold the service already.

A: 

The issue here turns out to be cross-domain cookies, a distinct no-no, as it is one of the essential moves of an attack vector.

The browser is not accepting the cookies with the re-written domain names, as indeed it should not (neither in the response headers nor in javascript).

The proper solution can only be had by fully proxying the Client Server.

Don
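As an added illustration of both the question and the answer (example code written for this page, not code from the asker's service), the following PHP shows why the browser drops the forwarded Set-Cookie headers and what a full proxy has to do with them instead. The host names `service.example` and `client.example` are assumed placeholders; the domain-matching rule is the one from RFC 6265 (sections 5.1.3 and 5.3), under which a browser ignores a cookie whose `Domain` attribute does not match the host that sent the response. A full proxy therefore re-issues upstream cookies scoped to its own host, keeps the originals in its own session store and replays them to the Client Server on later requests; rewriting the form `action` to point back at the proxy (not shown here) is the other half of that approach.

```php
<?php
// Added example, not from the original post. Requires PHP 8 (str_ends_with).
// Assumed placeholder hosts:
const SERVICE_HOST = 'service.example';   // host the browser actually talks to
const CLIENT_HOST  = 'client.example';    // upstream server being proxied

/**
 * RFC 6265 section 5.1.3 domain matching: the request host must equal the
 * cookie domain or end with "." followed by it, and an IP-address host only
 * matches exactly. A Set-Cookie whose Domain fails this test against the
 * responding host is ignored by the browser (section 5.3, step 6).
 */
function domainMatches(string $requestHost, string $cookieDomain): bool
{
    $requestHost  = strtolower($requestHost);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.'));
    if ($requestHost === $cookieDomain) {
        return true;
    }
    $hostIsIp = filter_var($requestHost, FILTER_VALIDATE_IP) !== false;
    return !$hostIsIp && str_ends_with($requestHost, '.' . $cookieDomain);
}

/**
 * Parse one Set-Cookie header value into name, value and attributes.
 * Attribute keys are kept as sent; value-less attributes (Secure, HttpOnly) map to null.
 */
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    [$name, $value] = array_pad(explode('=', array_shift($parts), 2), 2, '');
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        [$k, $v] = array_pad(explode('=', $part, 2), 2, null);
        $attrs[$k] = $v;
    }
    return ['name' => $name, 'value' => $value, 'attrs' => $attrs];
}

/**
 * Would a browser that received $setCookie from $requestHost store it?
 * A cookie without a Domain attribute is host-only and is always accepted
 * for the responding host; otherwise the Domain must domain-match.
 */
function browserWouldAccept(string $requestHost, string $setCookie): bool
{
    $c = parseSetCookie($setCookie);
    foreach ($c['attrs'] as $k => $v) {
        if (strtolower($k) === 'domain') {
            return $v !== null && $v !== '' && domainMatches($requestHost, $v);
        }
    }
    return true;
}

/**
 * What a full proxy does with an upstream Set-Cookie: drop the upstream
 * Domain so the cookie becomes host-only for the proxy. Path, Secure and
 * HttpOnly are preserved. The original header must still be stored server-side
 * so the proxy can send it to CLIENT_HOST on subsequent requests.
 */
function rewriteSetCookieForProxy(string $setCookie): string
{
    $c   = parseSetCookie($setCookie);
    $out = [$c['name'] . '=' . $c['value']];
    foreach ($c['attrs'] as $k => $v) {
        if (strtolower($k) === 'domain') {
            continue;
        }
        $out[] = $v === null ? $k : $k . '=' . $v;
    }
    return implode('; ', $out);
}

// Constructed upstream header, as the Client Server might send it.
$upstream = 'SESSIONID=abc123; Domain=' . CLIENT_HOST . '; Path=/; Secure; HttpOnly';

// Forwarded unchanged from SERVICE_HOST, the browser rejects it (Domain mismatch).
var_dump(browserWouldAccept(SERVICE_HOST, $upstream));

// Re-issued as a host-only cookie of the proxy, the browser accepts it.
$rewritten = rewriteSetCookieForProxy($upstream);
var_dump(browserWouldAccept(SERVICE_HOST, $rewritten));
echo $rewritten, "\n";
```

Run it with `php example.php`; the first `var_dump` shows the rejection the asker hit, the second the accepted proxy-scoped cookie. The same `domainMatches` check is useful the other way round too: before replaying a stored cookie to the Client Server, confirm its Domain matches `CLIENT_HOST` so one customer's cookies never leak into another upstream.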