share cookies between servers

Francis Daly francis at daoine.org
Sat Jan 12 18:13:06 UTC 2019


On Fri, Jan 11, 2019 at 07:59:47PM +0800, David Ni wrote:

Hi there,

>   auth_ldap "Restricted Space";
>   auth_ldap_servers bigdataldap;
> 
>   location / {
>            proxy_pass http://datanode02:16010/;
> add_header Set-Cookie "myauth=true;Domain=.bddev.test.net;Path=/;Max-Age=31536000";
>   }

> then in datanode03.bddev.test.net configuration:

> if ( $http_cookie ~* "myauth=true" ) {
>   auth_ldap "Restricted Space";
>   auth_ldap_servers bigdataldap;
> }
>   location / {
>            proxy_pass http://datanode03:16010/;
> add_header Set-Cookie "myauth=true;Domain=.bddev.test.net;Path=/;Max-Age=31536000";
>   }
> }

> am I correct?

I suspect "no".

I don't know what your "normal" works-on-a-single-server auth_ldap system
looks like.

(http://nginx.org/r/auth_ldap suggests that it is not a default-provided
module.)

If your normal system involves you doing

  add_header Set-Cookie "myauth=true;Path=/;Max-Age=31536000";

then you are correct to add the "Domain=" bit here.

But I would expect that the config in the two server{} blocks will be
very similar. So either the "if" part should be in both servers, or in
neither server. If your single-server config includes it, it should be
included in the multi-server config too.

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list