[Fwd: Possible bug with set-cookie]

Brice Figureau brice+nginx at daysofwonder.com
Wed Oct 17 12:13:25 MSD 2007


On Wed, 2007-10-17 at 09:31 +0200, Matteo Niccoli wrote:
> Manlio Perillo ha scritto:
> > You can also disable the master process.
> 
> Ok I found in the error_log:
> 
> *3486 client sent too long header line:

I think you need to set large_client_header_buffers:
http://wiki.codemongers.com/NginxHttpCoreModule#large_client_header_buffers

> So, I think this is a big problem, because if the cookie that client sends
> to server, is too big, the user is lost because can't connect to server
> anymore.

> Wouldn't it be better if instead of reply with "400 Bad Requests", nginx cut
> the cookie, or pass directly to the application in fastcgi?
> How apache manage this issue?

I prefer Nginx to deny and log the request instead of corrupting
silently the data. Silent corruption are evil because they get unnoticed
and usually you end up taking days to troubleshoot the problem without
even knowing where to look at.
-- 
Brice Figureau <brice+nginx at daysofwonder.com>






More information about the nginx mailing list