I have Nginx set up to proxy_pass requests to location /api to
127.0.0.1:3000, where Node.js is listening.
Node.js is running a server written with Express.js.
In my previous project, I used request session in Express to track
users. In that project, I didn’t use Nginx.
In the current project, I can’t use session because it simply doesn’t
save. I can write and read cookies, but not the request session. I
verified that the issue is in Nginx by running exact same code without
Nginx and being able to use request session.
My nginx.conf is as follows:
http {
include mime.types;
default_type application/octet-stream;
On Thu, Jul 21, 2011 at 06:45:00AM -0400, ilya wrote:
I have Nginx set up to proxy_pass requests to location /api to
127.0.0.1:3000, where Node.js is listening.
Node.js is running a server written with Express.js.
In my previous project, I used request session in Express to track
users. In that project, I didn’t use Nginx.
In the current project, I can’t use session because it simply doesn’t
save. I can write and read cookies, but not the request session. I
verified that the issue is in Nginx by running exact same code without
Nginx and being able to use request session.
How cookies are set? I.e. please show Set-Cookie header from
nginx (or backend) response. I suspect domain attribute doesn’t
match hostname of your nginx server, and that’s why cookies are
rejected by browsers.
Login successful. As you can see, connect.id cookie is set (this is what
Express.js session uses). Now, I make a request to resource where
session is checked:
Now, I just stumbled upon something I didn’t notice yesterday: the
property that I save on request session - the one that I can’t get to
work - apparently DOES work sometimes. Basically, if I keep logging in
and requesting resource - it works on some attempts. However, if I keep
requesting the resource after successful attempt - it breaks after few
requests and session goes back to original state.
On Thu, Jul 21, 2011 at 11:18:17AM -0400, ilya wrote:
[…]
Now, I just stumbled upon something I didn’t notice yesterday: the
property that I save on request session - the one that I can’t get to
work - apparently DOES work sometimes. Basically, if I keep logging in
and requesting resource - it works on some attempts. However, if I keep
requesting the resource after successful attempt - it breaks after few
requests and session goes back to original state.
Ok, so basically everything works fine but breaks sometimes,
right? It doesn’t looks like nginx issue for me, probably
something wrong with session storage on backend side.
Well, not really, since this happens only when nginx is used.
I and other people use Express sessions and they work, but in my case
nginx somehow breaks them. The fact that session becomes flaky with
introduction of nginx doesn’t mean Express is broken, it means that
nginx introduces some change that affects session.
On the backend, sessions stored in Redis.
Are you see sessions not being flacky while working directly with
your backend?
Correct. I’ve tested backend standalone and this doesn’t happen. Notice,
that in requests above connect.sid is changing every request. That is
not supposed to happen - with standalone backend connect.sid value is
constant across requests and changes either when user re-logins or it
expires.
Can it be because nginx talks HTTP/1.0 to backend?.. Ugh.
On Thu, Jul 21, 2011 at 12:28:39PM -0400, ilya wrote:
Are you see sessions not being flacky while working directly with
your backend?
Correct. I’ve tested backend standalone and this doesn’t happen. Notice,
So try to figure out what goes wrong. Dumping all of a session
requests till session break may be helpful, as well as dumping all
of the requests between nginx and your backend.
Instrumenting your backend’s code may be helpful as well (or even
easier).
that in requests above connect.sid is changing every request. That is
not supposed to happen - with standalone backend connect.sid value is
constant across requests and changes either when user re-logins or it
expires.
All of the requests you’ve provided have identical connect.sid as
far as I see.
Can it be because nginx talks HTTP/1.0 to backend?.. Ugh.
This may be a problem if e.g. your backend is multi-process, while
session store is local to process. With HTTP/1.1 and keepalive
you’ll be most likely talking to one process over established
connection (and everything seems to work ok), while though nginx
there will be new connection to your backend for each request and
you’ll be talking to many backend processes (and you’ll see
“flacky” sessions as described). This is a typical example of
“something wrong with session storage on backend side” as
mentioned in previous message.
On Thu, Jul 21, 2011 at 11:45:36AM -0400, ilya wrote:
Well, not really, since this happens only when nginx is used.
I and other people use Express sessions and they work, but in my case
nginx somehow breaks them. The fact that session becomes flaky with
introduction of nginx doesn’t mean Express is broken, it means that
nginx introduces some change that affects session.
On the backend, sessions stored in Redis.
Are you see sessions not being flacky while working directly with
your backend?
};
and gets existing session like so:
// get the sessionID from the cookie
req.sessionID = req.cookies[key];
So, can it be that nginx constantly modifies UA or filters out cookies?
Or anything else?
No, nginx doesn’t modify neither User-Agent nor Cookie headers
unless explicitly asked (with proxy_set_header directive).
All of the requests you’ve provided have identical
connect.sid as
far as I see.
Yeah, maybe the session lasted that long. I kept clicking and I saw
cookie change every few seconds, though.
you’ll be talking to many backend processes (and
you’ll see
“flacky” sessions as described). This is a
typical example of
“something wrong with session storage on backend
side” as
mentioned in previous message.