Re: Question about Cookie-Configuration

From: Willy Tarreau <w#1wt.eu>
Date: Thu, 31 Jan 2008 22:15:45 +0100


Hi Mirco,

On Thu, Jan 31, 2008 at 09:47:13PM +0100, Mirco Heibült wrote:
> Hello there,
>
>
>
> I have some problems with understanding the cookie sessions. I tried two
> things on my working haproxy.
>
>
>
> First:
>
> cookie SERVERID rewrite

Rewriting supposes that your server sets the cookie itself. This is not a recommended solution for new designs as it is intimately tied to the application.

>
> #option httpclose

cookie rewriting will not work without httpclose, because the first one will be changed and not subsequent ones if your server pushes other ones.  

> Problem: Often I am redirected to another server although I was logged in my
> Community the SERVERID-Server, so the user was logged out! :-(

I was sure that was what you'd get :-)

> Second:
>
> cookie SERVERID insert
> option httpclose

even better, you can add "indirect nocache" after "insert". It will only insert a cookie when required, and set the "cache-control: no-cache" header when doing this.

> Every PHP-Code had this at the beginning:
>
>
>
> // save used server
>
> if(!isset($_COOKIE['SERVERID']))
>
> {
>
> setcookie('SERVERID',
> $connections[$_SERVER['SERVER_ADDR']]['server_id']);
>
> $_COOKIE['SERVERID'] =
> $connections[$_SERVER['SERVER_ADDR']]['server_id'];
>
> }

I don't read PHP code, so I'm not exactly sure what this does. However, in insert mode, you have absolutely nothing to do on the server. The server will not even know that a cookie was set on the client side. That's why it's the cleanest solution.

> The second seemed better…but in the rush hour, the Server got totally slow,
> very unperformant. And sometimes there came no answer.
>
> So I had to stop the second test and went back to the first configuration.

It is possible that you have an outer reverse-cache that caches the serverid cookie on cacheable objects and sends it to all users requesting the cached object. This would bring a lot of people on the same server, possibly asking it to create a new session.

> But how can I do the same best with haproxy? Of course I read the manual
> but I think I didn’t understand this perfect.

In the architecture manual, you'll find config examples with detailed exchanges between client, proxy and server. It should be of interest to you if you like reading docs. Also, the new configuration manual should help too. I will soon remove the old manual in order not to confuse users.

Regards,
Willy Received on 2008/01/31 22:15

This archive was generated by hypermail 2.2.0 : 2008/01/31 23:00 CET