Sending logout events
grzegorz.nosek at gmail.com
Wed Aug 27 18:07:05 MSD 2008
On Wed, Aug 27, 2008 at 05:55:11PM +0400, Igor Sysoev wrote:
> > How would you distinguish between multiple sessions from the same
> > client? I guess you'd need a cookie set by the authenticator and sent by
> > nginx when the session ends.
> This is IMAP/POP3, but not HTTP, there are no cookies.
I know, but the communication with the authenticator is (AFAIK) over
HTTP. Nginx does not need any cookies because it knows exactly when a
session starts and when it ends (it's a single TCP connection). However,
the proposed logout notifications would be separate HTTP requests so the
authenticator would have to associate them somehow.
One way would be for the authenticator to send a normal HTTP cookie,
which then Nginx sends back upon logout. Another simpler way would be to
send the client IP:port pair both on session start and on session end.
More information about the nginx