Hi Aleks, On Mon, Aug 09, 2021 at 06:40:29PM +0200, Aleksandar Lazic wrote: > Hi. > > We use the HAProxy 2.4 image which have now HAProxy 2.4.2. > https://hub.docker.com/layers/haproxy/library/haproxy/2.4/images/sha256-d5e2a5261d6367c31c8ce9b2e692fe67237bdc29f37f2e153d346e8b0dc7c13b?context=explore > > I get this message for dynamic cookies. > > ``` > [WARNING] (1) : We generated two equal cookies for two different servers. > Please change the secret key for 'my-haproxy'. > ``` > > But from my point of view and for server-template and dynamic-cookie-key make > this message no sense or am I wrong?
The problem is that when using dynamic cookies, the dynamic-cookie-key, the server's IP, and its port are hashed together to generate a fixed cookie value that will be stable across a cluster of haproxy LBs, but hashes are never without collisions despite being 64-bit, and here you apparently faced one. Given how unlikely it is, I suspect that the issue in fact is that you might have multiple servers on the same address. Maybe just during some DNS transitions. If that's the case, maybe we should improve the collision check to only report it if it happens for servers with different addresses. Willy
