Welcome! Log In Create A New Profile

Advanced

NGINX and Cookies are hijacking on clients on the same network(NAT)

This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
December 26, 2011 12:18PM
We are experiencing a problem after the adoption of nginx as a server (apache had before).

It turns out that we are seeing many cases of clients that access data from other users in the session. This is because the login system (PHP) are stored in cookies. These cookies are being "shared" in computers on the same corporate network.

We realize that this problem only happens for several customers who are on the same network - that is, have the same external IP shared via single access point(NAT).

We've tried to do much to avoid the problem by adding validations and hash on cookies, but eventually realized that our server simply can not store cookies properly, and for the same network multiple machines share the cookie, which must be just a browser .

We are not sure if the problem is in NGINX, but we suspect it before the migration of APACHE -> nginx does not have the problem.

Is there some setting that can be done to remedy this problem?

Thanks for the help!
Subject Author Posted

NGINX and Cookies are hijacking on clients on the same network(NAT)

joao_neto December 26, 2011 12:18PM

Re: NGINX and Cookies are hijacking on clients on the same network(NAT)

Maxim Dounin December 26, 2011 02:28PM



Online Users

Guests: 258
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready