Welcome! Log In Create A New Profile

Advanced

NGINX and Cookies are hijacking on clients on the same network(NAT)

Previous Message Next Message
Forum List Message List New Topic Print View
joao_neto
December 26, 2011 12:18PM
We are experiencing a problem after the adoption of nginx as a server (apache had before).

It turns out that we are seeing many cases of clients that access data from other users in the session. This is because the login system (PHP) are stored in cookies. These cookies are being "shared" in computers on the same corporate network.

We realize that this problem only happens for several customers who are on the same network - that is, have the same external IP shared via single access point(NAT).

We've tried to do much to avoid the problem by adding validations and hash on cookies, but eventually realized that our server simply can not store cookies properly, and for the same network multiple machines share the cookie, which must be just a browser .

We are not sure if the problem is in NGINX, but we suspect it before the migration of APACHE -> nginx does not have the problem.

Is there some setting that can be done to remedy this problem?

Thanks for the help!
Reply Quote
RSS
Subject Author Posted

NGINX and Cookies are hijacking on clients on the same network(NAT)

joao_neto December 26, 2011 12:18PM

Re: NGINX and Cookies are hijacking on clients on the same network(NAT)

Maxim Dounin December 26, 2011 02:28PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 287
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready