Nginx Set-Cookie directive

nginx

Is it possible to modify cookies when using nginx as a reverse proxy similar to what Set-Cookie does in apache?

I have a web application that sets session cookies and I wish to append the HttpOnly flag to them before they are served by nginx. Unfortunatly I cannot modify the source code of the application to do it there.

Best Answer

You can always use add_header to add one, but even if you parse cookies coming down from backend looking at the http_cookie variable, you won't be able to modify them using vanilla nginx.

What you could use however is the 3rd-party Lua module. The link provided by Kyle Sith has an answer containg a small code snippet manipulating cookies (https://serverfault.com/a/448887/140131).

Related Solutions

Nginx – Controlling Nginx proxy target using a cookie

Similar to this answer. Nginx's idiomatic approach to this kind of problems is via map.

Basically, you define a map in http section

map $cookie_proxy_override $my_upstream {
  default default-server-or-upstream;
  ~^(?P<name>[\w-]+) $name;
}

Then you simply use $my_upstream in location section(s):

location /original-request {
  proxy_pass http://$my_upstream$uri;
}

Nginx evaluates map variables lazily, only once (per request) and when you are using them.

Nginx – How to check Cookie header line and custom cache on Nginx

If you set your proxy_cache_key to some string that contains cookie variable, than all users with different cookies will have its own cached version of page.

Like this

  proxy_cache_key  "$host$request_uri$cookie_auth_id";

This will allow both caching and distinctive pages for different users.

Best Answer

Related Solutions

Nginx – Controlling Nginx proxy target using a cookie

Nginx – How to check Cookie header line and custom cache on Nginx

Related Topic