Nginx accept set-cookie but hide it from the client?

Jonathan Matthews contact at jpluscplusm.com
Sun May 5 20:11:14 UTC 2013


On 5 May 2013 21:00, nano <nginx-forum at nginx.us> wrote:
> Thank you for the reply Jonathan.
>
> My intentions are not malicious. The site in question is
> http://turkopticon.differenceengines.com/ and to read reports on that site
> one has to be logged in. The site is incredibly slow and I had an idea to
> cache the review data so reports on "bad requesters" (mturk requesters) will
> be easily available for access.
>
> However, using my account to proxy reviews and cache them has resulted in
> someone changing my password. Nothing was lost, but to cache pages and make
> them available for everyone I need a way to hide the Set-Cookie session from
> everyone or else it exposes my account.

I don't understand. Do you control the back-end application that is
consuming the cookies, or is it someone else's site?

> The site isn't really "private" but the reviews are password protected to
> encourage user registration.

What you are asking people on this list to help you with appears to
subvert this website's wishes, and leads me to suspect that you don't
control it.

Whatever your intentions are, malicious or otherwise, until you can
confirm that you're merely proxying your own application I'm not going
to be able to help you.

Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html


