nginx keeping session

Dave Cheney dave at
Wed Oct 22 15:08:58 MSD 2008

> eh, depending on what you're storing couldn't it hit the RFC cookie
> limit pretty easily?

The only piece of data you would need is the user id. Everything else  
can be deduced from that.

> i suppose it has some sort of key and expiry in it so people can't
> spoof alternate expiry times etc.

Not really sure, haven't used it in production and I'm not working
with rails at the moment. You make a good point though, you probably
need two things, the user id, and an expiry time encoded in the
cookie's value.
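
The scheme discussed in this message (a user id plus an expiry time, protected by a key so the client cannot alter either) can be sketched as below. This is an added example, not part of the original message and not Rails' own cookie store code; the `user_id.expiry.mac` layout, the helper names and the demo secret are assumptions.

```ruby
require "openssl"

# Constructed demo key (assumption); a real deployment loads a random secret from config.
SECRET = "constructed-demo-secret-not-for-production"

# Strict layout (assumption): decimal user id, decimal expiry, 64 hex chars of HMAC-SHA256.
COOKIE_FORMAT = /\A(\d+)\.(\d+)\.([0-9a-f]{64})\z/

# Hypothetical helper: MAC over exactly the bytes the server will later trust.
def sign(payload, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Constant-time comparison so response timing does not reveal how much of a MAC matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Issue a cookie value binding the user id to an absolute expiry time.
def issue_cookie(user_id, ttl_seconds, secret = SECRET, now = Time.now.to_i)
  payload = "#{Integer(user_id)}.#{now + ttl_seconds}"
  "#{payload}.#{sign(payload, secret)}"
end

# Return the user id only if the MAC verifies and the signed expiry is still in the future.
def verify_cookie(value, secret = SECRET, now = Time.now.to_i)
  m = COOKIE_FORMAT.match(value.to_s)
  return nil unless m
  user_id, expiry, mac = m.captures
  # Check the MAC before acting on any field: both id and expiry are covered by it.
  return nil unless secure_equal?(mac, sign("#{user_id}.#{expiry}", secret))
  return nil if expiry.to_i <= now
  user_id.to_i
end

if __FILE__ == $0
  cookie = issue_cookie(42, 3600)
  puts "cookie:   #{cookie}"
  puts "verified: #{verify_cookie(cookie).inspect}"
  # A client that rewrites the expiry field cannot recompute the MAC without the key.
  forged = cookie.sub(/\.\d+\./, ".9999999999.")
  puts "forged:   #{verify_cookie(forged).inspect}"
end
```

The cookie value stays well under typical cookie size limits because only the id, the expiry and a fixed-length MAC are stored.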


