You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Jeffrey E Rodriguez (JIRA)" <ji...@apache.org> on 2017/03/22 18:15:41 UTC
[jira] [Comment Edited] (KNOX-911) Ability to scope cookies to a
given Path
[ https://issues.apache.org/jira/browse/KNOX-911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15936792#comment-15936792 ]
Jeffrey E Rodriguez edited comment on KNOX-911 at 3/22/17 6:14 PM:
--------------------------------------------------------------------
Ok.
Let me see if I understand. You want the reverse proxy to route access to Knox instances given the Knox path.
The cookies Knox emits is the Jsession ( or the JWT or SSO cookie or some special cookies like rememberMe). So each instance may get something like this. (if gateway path are set gatewat1 and gateway2)
Knox 1
Set-Cookie: JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway1/default;Secure;HttpOnly
Knox 2
Set-Cookie: JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway2/default;Secure;HttpOnly
So you are setting up the gateway two different gateway paths.
I am still think that that can be set at the reverse proxy . The only difference is that you need to change the reverse proxy to use "cookie Path" as a URI selector.
:-) are we using Knox as reverse proxy?? (as a cascading proxy)
was (Author: jeffreyr97):
Ok.
Let me see if I understand. You want the reverse proxy to route access to Knox instances given the Knox path.
The cookies Knox emits is the Jsession ( or the JWT or SSO cookie or some special cookies like rememberMe). So each instance may get something like this. (if gateway path are set gatewat1 and gateway2)
Knox 1
Set-Cookie: JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway1/default;Secure;HttpOnly
Knox 2
Set-Cookie: JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway2/default;Secure;HttpOnly
So you are setting up the gateway two different gateway paths.
I am still think that that can be set as a sticky session at the reverse proxy. The only difference is that you need to change the reverse proxy to use "cookie Path" as a URI selector.
I am incline to think that the code to select hostname based on path may more sense on the reverse proxy.
:-) are we using Knox as reverse proxy?? (as a cascading proxy)
> Ability to scope cookies to a given Path
> ----------------------------------------
>
> Key: KNOX-911
> URL: https://issues.apache.org/jira/browse/KNOX-911
> Project: Apache Knox
> Issue Type: Wish
> Reporter: Attila Kanto
>
> If there are multiple individual Knox instances behind of a reverse proxy, then it would be very useful if the Cookies could be scoped to a given Path.
> If a reverse proxy is put at the font of multiple Knox instances then scoping the Cookies to domain is not sufficient since the /gateway1/... and /gateway2/... cookies will overwrite each other.
> {code}
> +---------------------------------+
> | |
> | Reverse Proxy |
> | |
> +---------------------------------+
> | |
> /gateway1/topology | | /gateway2/topology
> | |
> +----------------------------v----+ +--v------------------------------+
> | | | |
> | Knox 1 (/gateway1/topology) | | Knox 2 (/gateway2/topology) |
> | | | |
> +---------------------------------+ +---------------------------------+
> {code}
> Proposal:
> Cookies can be scoped with Set-Cookie: Path=/somepath header field.
> It would be very convenient if this scope path could be set in gateway-site.xml and Knox would return it in Set-Cookie header field to clients.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)