Re: Reading cookies

From: Fabio Bacigalupo <>
Date: Tue, 1 Jul 2008 14:35:34 +0200

Hey all,

thank you for the numerous responses!

Am Sonntag, 29. Juni 2008 schrieb Aleksandar Lazic:
> acl anon hdr_reg(cookie) ANON
> ...
> 1.) when will the ANON cookie be killed?

I see one difficulty working with a cookie for anonymous users. Let me break this down further.

I want to minimize the number of requests made to the backend. Assume we have a first time user. It will be a guest. He does not have a cookie, yet. So I pass him to the backend just to see that it is a guest and give away an ANON cookie.

If I instead by default only give a cookie to loggedin members this guest would be served from the very first request through the (proxy) cache.

> 2.) isn't there a better way. for example based on the loginurl to make,
> this decision?

In our case I don't think using the login url will work. The url is accessible for both guests and loggedin users. Guests will see a "login right now" screen. Loggedin members will redirected to their profile. This is nothing I can change as it is a basic part of the architecture of the application.

Am Montag, 30. Juni 2008 schrieb Patrick Viet:
> cookie without a lookup cannot be reliable in a security based approach
> Lets hope that the caching proxy only accelerates and that the only
> consequence would be to bypass it and directly hit the dynamic content
> servers - loading them slighly more

Yes, the caching proxy is only there to accelerate things and to reduce load on the backend servers.

I think I will try to setup a scenario with an extra cookie for loggedin users. I'll let you know how / if it works.


Received on 2008/07/01 14:35

This archive was generated by hypermail 2.2.0 : 2008/07/01 19:16 CEST