Hi Sylvain.

Am 16-11-2015 17:06, schrieb Sylvain Faivre:
Hi Aleks,

On 11/10/2015 10:56 PM, Aleksandar Lazic wrote:
Dear Sylvain Faivre,

[snipp]

This would be helpfully to see the full response.
Maybe some appserver behaves different.

As far as I know, there is no way for the server to detect if the
client has cookies enabled, by looking only at the first request from
that client.

According to a quick Google search, the most common ways to detect
cookies support are either to use Javascript (so client-side check) or
to reply with a redirect response with the cookie set, then when
processing the redirected URL, check if the client sent the cookie
along with the request (so this case will be covered by the proposed
HAproxy settings).

Yes. That's also my experience.

I don't feel comfortable giving our application server version on a
public list, but I will send it to you in private.

thanks.

Here are the headers from a client request and server reply, with a
brand new profile on the client (with cookies disabled) :

- request :
GET /front/url1.do?m=booking&langcode=FR HTTP/1.1
Host: redacted.host.domain
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0)
Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

- reply :
HTTP/1.1 200 OK
Date: Mon, 16 Nov 2015 15:25:41 GMT
Content-Type: text/html;charset=ISO-8859-15
Set-Cookie: JSESSIONID=uNmYNvgUME5-8LYPzimsCg__.8d15fc; Path=/front
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

And here is a URL sample from the body of the reply. You will notice
that the jsessionid is there twice, first one after a semicolon and
second one after a question mark. I am not sure if this comes from the
application server of from our custom code.

<script
src="https://redacted.host.domain/front/url2.do;jsessionid=uNmYNvgUME5-8LYPzimsCg__.8d15fc?jsessionid=uNmYNvgUME5-8LYPzimsCg__.8d15fc&langcode=FR";
language="JavaScript"></script>

thanks.

As described here

http://git.haproxy.org/?p=haproxy-1.6.git;a=blob;f=doc/configuration.txt;h=45d1aacfbe0d2d53193f7956a0dd03e5f8151ea6;hb=HEAD#l5043

option http-buffer-request

maybe you should stick on the header ;-)

[snipp]

Oh yes please tell us the results so that we can add this as migration
example for appsession.

OK, I will. This will not go into production yet, we still need to run
it on a test environment for at least 3 weeks...

Thanks.

Best regards
Aleks

Reply via email to