Willy,
Thanks for the explanation. I had asked about using the following parameters: cookie HAPROXYID insert nocache But the current documentation shows the following examples: cookie JSESSIONID prefix cookie SRV insert indirect nocache cookie SRV insert postonly indirect cookie SRV insert indirect nocache maxidle 30m maxlife 8h In each case, where insert is used, indirect is specified. Recommended? Actually, is the last entry (with maxidle and maxlife) optimal? (My old appsession parameter had a 3H lifetime.) -----Original Message----- From: Willy Tarreau [mailto:[email protected]] Sent: June-02-17 10:52 AM To: Lukas Tribus <[email protected]> Cc: Norman Branitsky <[email protected]>; Cyril Bonté <[email protected]>; [email protected] Subject: Re: HAProxy 1.7.5 cookie JSESSIONID prefix not working Hi Lukas, On Wed, May 31, 2017 at 12:59:41AM +0200, Lukas Tribus wrote: > Hello Norman, > > > Am 31.05.2017 um 00:13 schrieb Norman Branitsky: > > Should I continue with adding "cookie /id/" to the server statement > > in conjunction with > > cookie JSESSIONID prefix nocache > > > > Or, should I follow Lukas' suggestion and insert my own HAPROXYID > > cookie like this: > > cookie HAPROXYID insert nocache > > Personally I dislike messing with application cookies on the proxy. > It just feels wrong, unclean and frankly unnecessary. > > Using a dedicated cookie seems like the right thing to do, at least in > my opinion. > > I don't think there are strong technical arguments for either one of > those configurations, this is just my personal distaste for messing > with application data. +1. For those who were not there 12 years ago, "cookie prefix" was created for a class of mobile browsers which were not able to learn more than one cookie, so there was no other option but to complement the existing application cookie. It could be argued that in environments polluted by many cookies it could be used to avoid hitting some browsers' limits, but quite frankly given all the dynamic code running in browsers nowadays, it's risky to fiddle with application cookies in modern applications. The rule of one cookie per layer should apply. The LB is in front of the application, it should use its own cookie whenever it's possible. Willy
