help: How to track user session with fastcgi

Maxim Dounin mdounin at
Thu Oct 25 15:01:11 MSD 2007


On Thu, 25 Oct 2007, Yingyuan Cheng wrote:

> I want to use nginx as web front, dispatching uri of dynamic content to
> fastcgi processes. How to track user session in such situation?
> I reviewed ngx_http_userid_module, which generates new user id if
> special cookie key not found. But it has some cons:
> - If this is the first time user visiting site page, nginx can't record
> user id with just visited page into log file

It can. The uid_set variable contains userid cookie nginx set in 
response, and may be used in log.

> - If the first visited page is generated by a fastcgi process, the
> fastcgi process can't get user id just generated by ngx_http_userid_module

Yes. The above variable can't be passed to fastcgi backend since userid 
module actual work happens while sending headers to client (i.e. after 
fastcgi request).

> Is there any way to work out? Thanks.

Userid module was designed to track users through http logs for 
statistical purposes, and it solves the problem.

If you want some way to assign session id to user for security/external 
data storage identifier etc (the "sessions" in php's meaning) - you should 
use other means to generate them.

Note: cookies generated by userid module shouldn't be used as security 
identifier, since malicious user can easily guess other user's cookie.

Maxim Dounin

More information about the nginx mailing list