Questions tagged [cookies]
129 questions
38
votes
3 answers
How to rewrite the domain part of Set-Cookie in a nginx reverse proxy?
I have a simple nginx reverse proxy:
server {
server_name external.domain.com;
location / {
proxy_pass http://backend.int/;
}
}
The problem is that Set-Cookie response headers contain ;Domain=backend.int, because the backend does not know…
Tobia
- 1,143
- 1
- 12
- 19
26
votes
3 answers
Can subdomain.example.com set a cookie that can be read by example.com?
I simply cannot believe this is quite so hard to determine.
Even having read the RFCs, it's not clear to me if a server at subdomain.example.com can set a cookie that can be read by example.com.
subdomain.example.com can set a cookie whose Domain…
Evan Plaice
- 480
- 1
- 5
- 12
16
votes
4 answers
haproxy: how to prepare a server maintenance without kicking app sessions?
The issue
I'm using haproxy to load balance web servers. I use session persistence with additional cookies as some applications use session files and these are not synchronized between servers.
I want to disable a server for maintenance, but without…
Christophe Drevet
- 1,962
- 2
- 17
- 25
11
votes
3 answers
Add samesite to cookies using Nginx as reverse proxy
With Nginx as reverse proxy, how do you add samesite=strict or samesite=lax to cookies?
Dr.Haribo
- 213
- 1
- 2
- 6
11
votes
2 answers
Nginx - Serve static content from a cookieless domain
I'm using the "page speed" extension for Firebug to try to optimise a website and I'm currently working on the following suggestion: "Serve static content from a cookieless domain".
I have created a separate sub-domain for some content so that I…
Tom
- 4,157
- 11
- 41
- 52
10
votes
8 answers
Servers harrassed by individual on constantly changing IPs
We run a community product. There is an individual (a little PoS kid) in the UK that is harassing our site for the last 6 months. His daily task is to create a new account, post a bunch of illegal / inflammatory content, get a rise out of people,…
Arronsky2
9
votes
2 answers
Is there a way to configure HAProxy to send traffic based on a cookie?
When configuring HAProxy, I would like to send traffic to certain servers based on the presence of a cookie.
For example:
There is a HAProxy server and 2 web servers (serverA and serverB).
When someone logs in, a cookie is created…
King
8
votes
1 answer
Date header returned by IIS7 is wrong
I am serving an ASP.NET application from IIS 7 but we are experiencing some weird cookie issues. The code works fine in other environments so we are assuming this is specific to this server (related question).
We have been looking at the http…
James Hollingworth
- 183
- 1
- 3
7
votes
2 answers
How cookies work with non persistance load balencers
We have a Drupal application that uses sso to log users in.
We are using AWS classic load balancers (ELB), AWS is telling us that there is no session persistence on the ELB.
What I am trying to figure out is how cookies work with non persistence on…
Donna Delour
- 414
- 5
- 10
6
votes
2 answers
How to make Varnish ignore, not delete cookies
I want to use Varnish to cache certain pages even in the presence of cookies. There are 3 possibilities that I need to take care of:
An anonymous user is viewing some page
A logged in user is viewing some page with light customization. These…
Jason Christa
- 622
- 4
- 11
- 21
6
votes
2 answers
How can I force Apache to not set cookies for subdomain?
I've set up a specific subdomain on my server for static content -- images.example.com
I'd like to configure Apache to never let cookies be set on that domain. But I'm not sure where/how to do that. Please advise :-)
Thanks!
Eric
5
votes
1 answer
Problems setting a cookie from a machine proxied by nginx
For a project of mine, I need to wire up a long chain of machines that are essentially proxying the HTTP requests for each other. It goes like this:
Web client - A - B/C - D
When a request is made from the browser, it first goes through a thin…
Preslav Rachev
- 151
- 1
- 1
- 4
5
votes
3 answers
Leverage proxy caching with nginx by removing Set-Cookie header
The following is a result of a bug within WebKit's Dev Tools used by Google Chrome and Apple's Safari. I have made a bug report with CrBug, who then identified the regression within WebKit Changeset 116952. I would like to thank @Grumpy and…
Mark Tomlin
- 620
- 3
- 10
- 23
5
votes
2 answers
Apache mod_header rule to change all cookies to secure
I would like to change all cookies to be secure and http-only. It works fine for one cookie, but doesn't work when multiple cookies are set in response.
Apache mod_header rule should change cookies from:
Set-Cookie cookie1=value; Path=/somePath…
Juraj
- 171
- 1
- 1
- 6
5
votes
2 answers
How to add recently set cookies to nginx's access log
I'd like to include cookie data in an nginx access log like so:
(simplified example)
log_format foo '$remote_addr "$request" $cookie_bar';
access_log /var/log/nginx/access.log foo;
This works great on requests that already have a cookie "bar", but…
etoleb
- 201
- 1
- 2
- 5