help: How to track user session with fastcgi
yingyuan at staff.sina.com.cn
Fri Oct 26 05:09:04 MSD 2007
Thank you Maxim Dounin.
Maybe I should consider a 'ngx_http_sessid_module' based on
'ngx_http_userid_module'. Any more advice?
Maxim Dounin 写道:
> On Thu, 25 Oct 2007, Yingyuan Cheng wrote:
>> I want to use nginx as web front, dispatching uri of dynamic content to
>> fastcgi processes. How to track user session in such situation?
>> I reviewed ngx_http_userid_module, which generates new user id if
>> special cookie key not found. But it has some cons:
>> - If this is the first time user visiting site page, nginx can't record
>> user id with just visited page into log file
> It can. The uid_set variable contains userid cookie nginx set in
> response, and may be used in log.
>> - If the first visited page is generated by a fastcgi process, the
>> fastcgi process can't get user id just generated by
> Yes. The above variable can't be passed to fastcgi backend since
> userid module actual work happens while sending headers to client
> (i.e. after fastcgi request).
>> Is there any way to work out? Thanks.
> Userid module was designed to track users through http logs for
> statistical purposes, and it solves the problem.
> If you want some way to assign session id to user for
> security/external data storage identifier etc (the "sessions" in php's
> meaning) - you should use other means to generate them.
> Note: cookies generated by userid module shouldn't be used as security
> identifier, since malicious user can easily guess other user's cookie.
> Maxim Dounin
More information about the nginx