Hi all,
Today, we [soitu.es] released our patches to sign cookies, set the httponly
property and add the user name to the ngx_http_userid_filter_module’s
cookies.
The summary:
- Two new options:
  userid_secretforsign "0ur-S3CRet.HerE!";
  userid_httponly on;
- So, the new syntax of the “unauthenticated” (1) cookie is:
  <NGINX_cookie>#<MD5Sign>
- The “authenticated cookie” (2) is:
  <NGINX_cookie>#<MD5Sign>#<more_data>
  With a syntax for <more_data> like:
  <userName>[#<extraData>]
- Then, when the signature of (1) or (2) is verified, two new environment
  variables could be sent to the backend:
  IDUSR ---> the <NGINX_cookie>
  NAMEUSR -> the <userName>
So, the backend knows nothing about authentication and all work is
done by Nginx.
You have a complete description and the patch in:
http://www.soitu.es/soitu/2008/07/13/met/1215974436_160647.html
This is our second release of new modules or patches to Nginx. The first
one was a new module to clean HTML, delete special comments and add a
block of HTML after the tag (more info in
Primer módulo liberado para el Nginx | soitu.es).
Cheers,
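
The two cookie layouts described in the message, as an added Python example that is not part of the original post or of the soitu.es patch. The post does not say how <MD5Sign> is computed or which fields it covers; this example assumes a hex HMAC-MD5 keyed with the userid_secretforsign value and computed over <NGINX_cookie> plus <more_data> when present. The function names and the sample uid are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"0ur-S3CRet.HerE!"       # sample value from the userid_secretforsign line
UID = "wKgBAUh6X3QAAAPoAwMEAg=="   # constructed sample <NGINX_cookie> value


def sign(uid, more_data=None, secret=SECRET):
    """Assumed construction: hex HMAC-MD5 over the uid and, if present, <more_data>."""
    msg = uid if more_data is None else uid + "#" + more_data
    return hmac.new(secret, msg.encode(), hashlib.md5).hexdigest()


def verify_cookie(value, secret=SECRET):
    """Return the values for IDUSR/NAMEUSR, or None if the cookie is rejected."""
    parts = value.split("#", 2)    # <NGINX_cookie>, <MD5Sign>, optional <more_data>
    if len(parts) < 2 or not parts[0]:
        return None                # unsigned or empty cookie
    uid, sig = parts[0], parts[1]
    more = parts[2] if len(parts) == 3 else None
    # Constant-time comparison, so the check does not leak how many characters matched.
    if not hmac.compare_digest(sig.encode(), sign(uid, more, secret).encode()):
        return None
    result = {"IDUSR": uid, "NAMEUSR": None, "extra": None}
    if more is not None:           # layout (2): <userName>[#<extraData>]
        name, _, extra = more.partition("#")
        if not name:
            return None            # authenticated layout needs a user name
        result.update(NAMEUSR=name, extra=extra or None)
    return result


if __name__ == "__main__":
    auth = f"{UID}#{sign(UID, 'alice#role=editor')}#alice#role=editor"
    print(verify_cookie(auth))                            # accepted
    print(verify_cookie(auth.replace("alice", "admin")))  # edited user name: None
```

Because the assumed signature covers <more_data>, changing the user name after signing makes verification fail; a signature computed over <NGINX_cookie> alone would not detect that change.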