Re: [PATCH] Allow to specify a domain for a cookie

Hi Willy,

On Son 25.05.2008 10:18, Willy Tarreau wrote:
>Hi Krzysztof !
>
>On Fri, May 23, 2008 at 11:59:12PM +0200, Krzysztof Oledzki wrote:
>> >From 9c1f6f13fd0519cdef68bb5c9bf62a10a178dad6 Mon Sep 17 00:00:00 2001
>> From: Krzysztof Piotr Oledzki <ole#ans.pl>
>> Date: Fri, 23 May 2008 23:49:32 +0200
>> Subject: [MINOR] Allow to specify a domain for a cookie
>>
>> This patch allows to specify a domain used when inserting a cookie
>> providing a session stickiness. Usefull for example with wildcard domains.
>
>Cool, very nice, and I must say that I recently expressed the same
>need. One customer also suggested that we add the ability to set an
>Expires value to the persistence cookie. I explained that it would turn
>the cookies into stored cookies, but the proposed idea was that it is
>useful precisely when application sets stored cookies. He wanted to
>cover the risk that a client bound to a failed server can never
>reconnect to another server without closing the browser.
>
>The discussion turned to two possibilities (not exclusive) :
> - add an "expire" option to the cookie keyword to set the value
> - sniff another cookie to get the same values.
>
>I must say that I find the second option particularly interesting, as
>we could say that we insert a persistence cookie only when the server
>sets session cookie X, and that we use the same attributes (expires,
>domain, path, ...). We could also flush the cookie when the server does
>the same. It would provide about the same features as the prefix mode
>cookie, but without touching the existing one.
>
>I'd be interested in users' opinion on such a feature.

Sounds nice but what happen if the server sets no expires or a 'forever ~2038' cookie.

### e.g.:
Set-Cookie: _session_id=445aaa24bc9fe9b46f8408e494fd3b91; path=/ ###

This cookie will not be send to the server like 'insert indirect' mode.

I like the idea with such flow:

config: option duplicate_cookie X expires Y domain Z ... lifetime

Program:

if the server have set the expire, ... values use it if not take the configured options

the sheduler must take a look about the lifetime of such a cookie.

opinions?

Aleks Received on 2008/05/25 11:14