(no subject)

Can anyone help me with this?

-------- Original Message --------
Subject: Possible bug with set-cookie
Date: Thu, 04 Oct 2007 15:24:57 +0200
From: Matteo N. [email protected]
To: [email protected]

Hi,

I have this script:

<?php setcookie('testcookie',str_repeat('a',$_REQUEST['l']), (time()+(86400*30))); ?>

If I execute it, with:

http://$url/test.php?l=1799

it works.

If I switch from 1799 to 1800, nginx stops serving this page.

It happens only with nginx. Apache works fine, maybe by deleting the cookie
or simply overwriting another.

How can I solve this?

Bye.

Matteo N. wrote:

I have this script:

<?php setcookie('testcookie',str_repeat('a',$_REQUEST['l']), (time()+(86400*30))); ?>

If I execute it, with:

http://$url/test.php?l=1799

it works.

If I switch from 1799 to 1800, nginx stops serving this page.

It may be a problem with buffer size.
What is the total size of the cookie header?

Have you tried to enable debug mode?
You should look in the log file for error messages.

It happens only with nginx. Apache works fine, maybe by deleting the cookie or
simply overwriting another.

How can I solve this?

Regards Manlio P.

Manlio P. wrote:

It may be a problem with buffer size.
What is the total size of the cookie header?

Have you tried to enable debug mode?
You should look in the log file for error messages.

I don’t see any error in the log file. When the problem occurs, no entry
is logged in error_log. The only way I found to debug this is
to set only 1 process for nginx and use strace -p. I can post
some results here, if you think the output of strace can be
useful.

Matteo N. wrote:

Manlio P. wrote:

It may be a problem with buffer size.
What is the total size of the cookie header?

Have you tried to enable debug mode?
You should look in the log file for error messages.

I don’t see any error in the log file. When the problem occurs, no entry
is logged in error_log. The only way I found to debug this is
to set only 1 process for nginx,

You can also disable the master process.

You should also compile nginx with debug enabled and set the log level
to info or debug_http (if necessary, this produces a lot of noise)

and use strace -p. I can post
some results here, if you think the output of strace can be
useful.

I’m unable to reproduce the problem with a Python application served via
fastcgi.

What version of nginx are you using?

P.S.
I have received your private email but I’m unable to reply since your
SMTP server is refusing mails from the SMTP server of my ISP, and from
Google, too!

Regards Manlio P.

Manlio P. wrote:

You can also disable the master process.

Ok I found in the error_log:

*3486 client sent too long header line:

So, I think this is a big problem, because if the cookie that the client
sends to the server is too big, the user is lost because they can’t connect
to the server anymore.
Wouldn’t it be better if, instead of replying with “400 Bad Requests”, nginx
cut the cookie, or passed it directly to the application in fastcgi?
How does Apache manage this issue?

On Wed, 2007-10-17 at 09:31 +0200, Matteo N. wrote:

Manlio P. wrote:

You can also disable the master process.

Ok I found in the error_log:

*3486 client sent too long header line:

I think you need to set large_client_header_buffers:
http://wiki.codemongers.com/NginxHttpCoreModule#large_client_header_buffers

So, I think this is a big problem, because if the cookie that the client sends
to the server is too big, the user is lost because they can’t connect to the
server anymore.

Wouldn’t it be better if, instead of replying with “400 Bad Requests”, nginx cut
the cookie, or passed it directly to the application in fastcgi?
How does Apache manage this issue?

I prefer Nginx to deny and log the request instead of silently
corrupting the data. Silent corruptions are evil because they go unnoticed
and usually you end up taking days to troubleshoot the problem without
even knowing where to look.

On Wed, Oct 17, 2007 at 09:31:57AM +0200, Matteo N. wrote:

Manlio P. wrote:

You can also disable the master process.

Ok I found in the error_log:

*3486 client sent too long header line:

So, I think this is a big problem, because if the cookie that the client sends
to the server is too big, the user is lost because they can’t connect to the
server anymore.

large_client_header_buffers 4 8k;

Wouldn’t it be better if, instead of replying with “400 Bad Requests”, nginx cut
the cookie, or passed it directly to the application in fastcgi?
How does Apache manage this issue?

As far as I know, Apache 1.3 had an 8K buffer to read the client request line
and header lines.
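
A pre-flight check for the failure discussed in this thread, added here as an example (it is not code from any poster or from nginx): before an application sets a cookie, estimate the `Cookie:` request line the browser will send back and compare it with the buffer size in `large_client_header_buffers`. The function names, the `session` cookie and the rule that one header line must fit in a single buffer (CRLF included) are assumptions of this sketch.

```python
import re

# Constructed sample config: the directive quoted in the thread.
NGINX_CONF = "large_client_header_buffers 4 8k;"
_UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}


def parse_large_client_header_buffers(conf):
    """Return (number, size_in_bytes) from an nginx config snippet."""
    m = re.search(
        r"^\s*large_client_header_buffers\s+(\d+)\s+(\d+)([kKmM]?)\s*;",
        conf, re.MULTILINE)
    if m is None:
        raise ValueError("large_client_header_buffers directive not found")
    return int(m.group(1)), int(m.group(2)) * _UNITS[m.group(3).lower()]


def cookie_header_line(cookies):
    """Build the request header line a browser sends for these cookies."""
    return "Cookie: " + "; ".join(f"{k}={v}" for k, v in cookies.items())


def check_cookie_budget(existing, name, value, conf=NGINX_CONF):
    """Check whether adding name=value keeps the Cookie line in one buffer.

    Assumption: the line, including its trailing CRLF, must fit in a
    single large buffer; counting the CRLF makes the estimate conservative.
    """
    _, limit = parse_large_client_header_buffers(conf)
    merged = dict(existing)
    merged[name] = value  # a cookie with the same name is overwritten
    line_len = len(cookie_header_line(merged).encode("utf-8")) + 2
    return {"line_len": line_len, "limit": limit, "fits": line_len <= limit}


if __name__ == "__main__":
    # Constructed inputs: the thread's test cookie, then an oversized one.
    for size in (1800, 8192):
        print(size, check_cookie_budget({"session": "x" * 32},
                                        "testcookie", "a" * size))
```

An application can refuse to set the cookie, and log the attempt, when `fits` is false, so the client never ends up holding a cookie that the server will reject on every later request.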