#458 header set-cookie overflow

open
nobody
None
5
2009-09-28
2009-09-28
No

Varnish limits headers count to 32 [1] when reaching this limit send back a 503 error code, with this small patch all cookie hash stored in static array so no more header flood with set-cookie type.

[1] http://varnish.projects.linpro.no/browser/tags/varnish-2.0.4/varnish-cache/bin/varnishd/cache.h

Discussion

  • Jonathan Angliss

    Can you provide an example on when we're sending more than 32 cookies? The patch seems sensible, but it won't stop sending the same cookie multiple times if the cookie has different values.

     
  • Paul Lesniewski

    Paul Lesniewski - 2009-10-01

    I second Jon's request. I too think the patch is well written, but I am skeptical of adding CPU cycles when it may be a problem somewhere else that should be identified and fixed - in what one page request does SM send the same exact cookie 32 times and then some???

     
  • Gabor Gyorvari

    Gabor Gyorvari - 2011-10-30

    Sorry didnt received any e-mail thats new comments on my ticket.

    So here are an example a simple login traced in FireBug:

    Date Sun, 30 Oct 2011 12:08:57 GMT
    Server Apache
    Set-Cookie SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/ SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly SQMSESSID=4d671cbd22a3ca7f6713876ecac1a7ab; path=/sqmail/; secure; HttpOnly squirrelmail_language=hu_HU; expires=Tue, 29-Nov-2011 12:08:57 GMT; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/ SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly key=7el3RlmK; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly SQMSESSID=b7d671817835754ffea772f0ebd0cfa7; path=/sqmail/; secure; HttpOnly
    Expires Sat, 1 Jan 2000 00:00:00 GMT
    Cache-Control no-cache, no-store, must-revalidate
    Pragma no-cache
    Location webmail.php
    Vary Accept-Encoding
    Content-Encoding gzip
    Content-Length 20
    Connection close
    Content-Type text/html; charset=utf-8

    So many identical data in Set-Cookie header, so we know that every cookie set in this header part was generated by header('Set-Cookie: ' ... ) line in sqsetcookie() function.

    New question is why using header() function to generate cookies and not using setcookie()?

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks