share cookies between servers

David Ni zn1314 at 126.com
Fri Jan 11 11:59:47 UTC 2019 

Hi Francis,
    Thanks very much for your point!
    I have read some info from internet based on your suggestion,for my understanding:
   when I login  to one of the server datanode02.bddev.test.net,set cookie like this:
 server {
  listen 80;
  server_name datanode02.bddev.test.net;
  error_log  /var/log/nginx/error_for_bigdata.log  info;
  access_log  /var/log/nginx/http_access_for_bigdata.log  main;
  auth_ldap "Restricted Space";
  auth_ldap_servers bigdataldap;


  location / {
           proxy_pass http://datanode02:16010/;
           more_clear_headers "X-Frame-options";
add_header Set-Cookie "myauth=true;Domain=.bddev.test.net;Path=/;Max-Age=31536000";
           sub_filter_types *;
           sub_filter_once off;
  }
}


then in datanode03.bddev.test.net configuration:
 server {
  listen 80;
  server_name datanode03.bddev.test.net;
  error_log  /var/log/nginx/error_for_bigdata.log  info;
  access_log  /var/log/nginx/http_access_for_bigdata.log  main;
#this will skip the ldap auth
if ( $http_cookie ~* "myauth=true" ) {
  auth_ldap "Restricted Space";
  auth_ldap_servers bigdataldap;
}
  location / {
           proxy_pass http://datanode03:16010/;
           more_clear_headers "X-Frame-options";
add_header Set-Cookie "myauth=true;Domain=.bddev.test.net;Path=/;Max-Age=31536000";
           sub_filter_types *;
           sub_filter_once off;
  }
}
am I correct?






At 2019-01-11 07:01:31, "Francis Daly" <francis at daoine.org> wrote:
>On Thu, Jan 10, 2019 at 05:14:17PM +0800, David Ni wrote:
>
>Hi there,
>
>>     I have one requirement right now,we are using nginx with ldap auth
>...
>> my requirement is that whether datanode02.bddev.test.net datanode03.bddev.test.net
>can share cookies between each other,
>
>Read about http cookies, and the "domain" attribute/directive of them.
>
>If you decide that the benefits to you are worth more than the costs to
>you, then find whatever part of your system sets the cookies (creates
>the Set-Cookie: header), and change that to add a suitable "Domain=" string.
>
>That part of your system is probably not nginx-provided C-code.
>
>Good luck with it,
>
>	f
>-- 
>Francis Daly        francis at daoine.org
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190111/434fd1f5/attachment.html>

More information about the nginx mailing list