Nginx accept set-cookie but hide it from the client?

nano nginx-forum at nginx.us
Sun May 5 20:00:55 UTC 2013


Thank you for the reply Jonathan.

My intentions are not malicious. The site in question is
http://turkopticon.differenceengines.com/ and to read reports on that site
one has to be logged in. The site is incredibly slow and I had an idea to
cache the review data so reports on "bad requesters" (mturk requesters) will
be easily available for access.

However using my account to proxy reviews and cache them, has resulted in
someone changing my password. Nothing was lost, but to cache pages and make
them available for everyone I need a way to hide the Set-Cookie session from
everyone or else it exposes my account.

The site isn't really "private" but the reviews are password protected to
encourage user registration.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,238867,238871#msg-238871



More information about the nginx mailing list