Re: Timed cookies

From: Willy Tarreau <w#1wt.eu>
Date: Sat, 20 Oct 2007 08:09:05 +0200


Hello John,

On Fri, Oct 19, 2007 at 01:09:45PM -0400, Lauro, John wrote:
> (currently using 1.2.17)
>
> Is there a way to have cookies expire after so many hours of not being
> used? We have users that leave their browsers on for days if not
> weeks... and so even though I implemented a soft stop with check on a
> different port than the server, there always seems to be some traffic
> going through the backup. (Ok, I never waited 48 hours, maybe
> eventually traffic would stop). Our app will expire their session
> within 4 hours, so it would be nice if the cookie could be
> time-stamped and invalidated if old. Obviously it would have to be
> renewed if old (ie: 30min), but not too old (ie: 4 hours), and if too
> old it could be rebalanced.

I don't understand why this is required. Maybe you have the "persist" option set ? Normally, if a server is down, it thould not receive any session, even if the cookies references it.

> Just wondering if there is already a way to do something like that,
> and or any plans? If not, would anyone else find it useful, or is
> there some other better way to handle it? (I can't do it in the
> application, I am using cookie with insert nocache indirect).

If possible, I'd like to avoid adding the load-balancer's time of day as a variable in the chain. Right now, you can have and out-of-date system without any problem. Having to ensure the LB is in sync would become a problem for many setups. And a bad side effect would be people forcing the date on it to resync it, thus getting stucked sessions for the time needed to reach the old expiration date.

A dirty solution could be to use the "Date:" field from the server, convert it and add an expiration timer, then assign it to the cookie. But that becomes tricky and quite difficult to check.

> Recommendations for Stats page:
> If down include downtime (seconds or minutes) in addition to count.
> (IE: Was this server unavailable 5 separate times totaling 10 minutes,
> or 1 time totaling 5 hours).

OK, that seems reasonable. It could be used to compute an SLA.

> Last time a request came in (especially for hosts in backup mode, so I
> can know if it's relatively safe yet to reload or not).

Yes, I've already thought about that one for the same reason. I think that a simple field in human readable form would be enough, such as "5ms", "10s", "3m", "5h", "13d"....

> If I get some spare time (HA!), I might try to implement patches for
> the above, but I say that without looking at the code yet.

Be careful, I don't want to add new features to 1.2.17, or minor features only. It's basically in fixes-only mode right now. However, adding 2 columns in the stats page in 1.3 is OK for me.

Regards,
Willy Received on 2007/10/20 08:09

This archive was generated by hypermail 2.2.0 : 2007/11/04 19:21 CET