Welcome! Log In Create A New Profile

Advanced

Re: how to clear a cookie value in request object

Previous Message Next Message
Forum List Message List New Topic Print View
Mike Ellery
November 02, 2013 02:06PM
> Message: 5
> Date: Sat, 2 Nov 2013 03:41:26 +0400
> From: Maxim Dounin <mdounin@mdounin.ru>
> To: nginx-devel@nginx.org
> Subject: Re: how to clear a cookie value in request object
> Message-ID: <20131101234126.GJ95765@mdounin.ru>
> Content-Type: text/plain; charset=us-ascii
>
> Hello!
>
> On Fri, Nov 01, 2013 at 09:41:20AM -0700, Michael Ellery wrote:
>
>> devs,
>>
>> I'm looking for advice about how to properly clear a cookie value from the current request so that it will be omitted
>> from the request when it goes upstream (to proxy). Here's the code I currently have:
>>
>> static ngx_str_t my_cookie_name = ngx_string("MyMagicCookieName");
>>
>>
>> ngx_uint_t i;
>> ngx_table_elt_t **h;
>> ngx_str_t null_header_value = ngx_null_string;
>> h = r->headers_in.cookies.elts;
>> for (i = 0; i < r->headers_in.cookies.nelts; i++) {
>> if (h[i]->value.len > my_cookie_name.len &&
>> 0 == ngx_strncmp(h[i]->value.data, my_cookie_name.data, my_cookie_name.len))
>> {
>> h[i]->value = null_header_value;
>> break;
>> }
>> }
>>
>>
>> my main concern is leaking memory -- will the nulling of this value cause memory to be leaked? If so, how can I fix this?
>>
>> A secondary concern is that I believe value can actually contain a list of comma separated of cookie name/vals, although
>> I've not actually encountered that problem so far. What would be the right way to wipe out only PART of the value data,
>> if that's indeed what I need to do?
>
> There are at least two problems with the above code:
>
> - It tries to modify r->headers_in, which is wrong. The
> r->headers_in contains headers as received from a client, and
> they are not expected to be modified. Modifications will likely
> result in undefined behaviour.
>
> - As you correctly assume, there can be more than one cookie in a
> single Cookie header (and usually there are - as long as there
> are more than one cookie used for a domain).
>
> Proper solution would be to provide a new value for the Cookie
> header in a variable (taking into account multiple cookies in a
> single header), and then use
>
> proxy_set_header Cookie $your_new_cookie_value;
>
> in configuration, much like with the $proxy_add_x_forwarded_for
> variable as available for X-Forwarded-For header modification.
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
>

Maxim,

Thanks for your helpful response. Is there a predefined variable that
I can use to store my modified cookie value or will I just need to
create a new custom variable value?

Thanks,
Mike


--
+++++++++++++++++++
Mike Ellery
mellery451@gmail.com
+++++++++++++++++++

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

how to clear a cookie value in request object

Michael Ellery 868 November 01, 2013 12:42PM

Re: how to clear a cookie value in request object

Maxim Dounin 352 November 01, 2013 07:42PM

Re: how to clear a cookie value in request object

Mike Ellery 775 November 02, 2013 02:06PM

Re: how to clear a cookie value in request object

Maxim Dounin 484 November 04, 2013 04:58PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 158
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready