help: How to track user session with fastcgi

Yingyuan Cheng yingyuan at
Fri Oct 26 05:09:04 MSD 2007

Thank you Maxim Dounin.

Maybe I should consider a 'ngx_http_sessid_module' based on 
'ngx_http_userid_module'. Any more advice?


Maxim Dounin 写道:
> Hello!
> On Thu, 25 Oct 2007, Yingyuan Cheng wrote:
>> I want to use nginx as web front, dispatching uri of dynamic content to
>> fastcgi processes. How to track user session in such situation?
>> I reviewed ngx_http_userid_module, which generates new user id if
>> special cookie key not found. But it has some cons:
>> - If this is the first time user visiting site page, nginx can't record
>> user id with just visited page into log file
> It can. The uid_set variable contains userid cookie nginx set in 
> response, and may be used in log.
>> - If the first visited page is generated by a fastcgi process, the
>> fastcgi process can't get user id just generated by 
>> ngx_http_userid_module
> Yes. The above variable can't be passed to fastcgi backend since 
> userid module actual work happens while sending headers to client 
> (i.e. after fastcgi request).
>> Is there any way to work out? Thanks.
> Userid module was designed to track users through http logs for 
> statistical purposes, and it solves the problem.
> If you want some way to assign session id to user for 
> security/external data storage identifier etc (the "sessions" in php's 
> meaning) - you should use other means to generate them.
> Note: cookies generated by userid module shouldn't be used as security 
> identifier, since malicious user can easily guess other user's cookie.
> Maxim Dounin

More information about the nginx mailing list