Menu
▾
▴
#458 header set-cookie overflow
Varnish limits headers count to 32 [1] when reaching this limit send back a 503 error code, with this small patch all cookie hash stored in static array so no more header flood with set-cookie type.
[1] http://varnish.projects.linpro.no/browser/tags/varnish-2.0.4/varnish-cache/bin/varnishd/cache.h
Can you provide an example on when we're sending more than 32 cookies? The patch seems sensible, but it won't stop sending the same cookie multiple times if the cookie has different values.
I second Jon's request. I too think the patch is well written, but I am skeptical of adding CPU cycles when it may be a problem somewhere else that should be identified and fixed - in what one page request does SM send the same exact cookie 32 times and then some???
Sorry didnt received any e-mail thats new comments on my ticket.
So here are an example a simple login traced in FireBug:
Date Sun, 30 Oct 2011 12:08:57 GMT
Server Apache
Set-Cookie SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/ SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly squirrelmail_language=hu_HU; expires=Tue, 29-Nov-2011 12:08:57 GMT; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/ SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly key=7el3RlmK; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly
Expires Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control no-cache, no-store, must-revalidate
Pragma no-cache
Location webmail.php
Vary Accept-Encoding
Content-Encoding gzip
Content-Length 20
Connection close
Content-Type text/html; charset=utf-8
So many identical data in Set-Cookie header, so we know that every cookie set in this header part was generated by header('Set-Cookie: ' ... ) line in sqsetcookie() function.
New question is why using header() function to generate cookies and not using setcookie()?