Protect link with cookies?

merlin corey merlincorey at
Thu Jun 11 01:53:43 MSD 2009

That is precisely the kind of control required to take place in an
upstream application, not nginx.  Nginx should be thought of as sort
of a signal processor, that is, it sits in a stream and does its
business as quickly and efficiently as possible.  Waiting on databases
is neither quick nor efficient.

Also there is nothing secure about cookies, which can be completely
manipulated by the client.  Session data, on the other hand, is
internal and therefore much more reliable (and is basically what you
want to use).

-- Merlin

On Wed, Jun 10, 2009 at 3:16 AM, Artifex Maximus<artifexor at> wrote:
> Hello!
> On Tue, Jun 9, 2009 at 2:48 PM, Artifex Maximus<artifexor at> wrote:
>> 2009/6/9 Igor Sysoev <is at>:
>>> On Tue, Jun 09, 2009 at 01:30:50PM +0200, Artifex Maximus wrote:
>>>> I am pretty newbie to nginx and having problem on protecting my links.
>>>> I am using valid_referers but is it possible using cookies for make it
>>>> stronger?
>>>> For example I set cookie uid with nginx's userid in 'location / {}'
>>>> and check somehow under 'location /download/ {}' for cookie uid. Is it
>>>> possible or just a dream? Userid was just an idea and not necessary.
>>>> And any other ideas are welcome as well because cheating referer is
>>>> easy task.
>>>    location /download/ {
>>>        if ($cooke_NAME = '') {
>>>            return 403;
>>>        }
>>>    }
>> Looks nice. Thank you Igor!
> And working perfectly though. Is there any simple solution (without
> PHP or any external utility) to tracking this cookies? I mean storing
> cookies in database and checking that cookie have sent is valid or
> not. Or is it too complex and not nginx task?
> Bye,
> Zsolt

More information about the nginx mailing list