h2 in 5.1.1 and jsessionid cookies ?

kokoniimasu kokoniimasu at gmail.com
Fri Mar 17 19:48:40 CET 2017 

Hi,Christian.

Yes, my backend is Varnish.
Apache did not error by POST request in my test env too.
Probably, C-L is ignored in apache.(I'm not read apache source.)

rfc7230 is written

       If a message is received with both a Transfer-Encoding and a
       Content-Length header field, the Transfer-Encoding overrides the
       Content-Length.  Such a message might indicate an attempt to
       perform request smuggling (Section 9.5) or response splitting
       (Section 9.4) and ought to be handled as an error.  A sender MUST
       remove the received Content-Length field prior to forwarding such
       a message downstream.

   https://tools.ietf.org/html/rfc7230#section-3.3.3

2017-03-18 3:10 GMT+09:00 Christian Bjørnbak <cbj at touristonline.dk>:
> Hi kokoniimasu,
>
>     if(req.http.cookie){
>       std.collect(req.http.cookie);
>       set req.http.cookie = regsuball(req.http.cookie,", ","; ");
>     }
>
> did the trick for me..
>
> Thanks for your help.
>
> The other if only seems to be relevant and valid if the backend is a varnish
> too? My backend is Apache.
>
>
>
> Med venlig hilsen / Kind regards,
>
> Christian Bjørnbak
>
> Chefudvikler / Lead Developer
> TouristOnline A/S
> Islands Brygge 43
> 2300 København S
> Denmark
> TLF: +45 32888230
> Dir. TLF: +45 32888235
>
> 2017-03-17 18:26 GMT+01:00 kokoniimasu <kokoniimasu at gmail.com>:
>>
>> Hi,Christian.
>>
>> #sorry I forgot add ml-list...
>>
>> Are you manipulating cookies in Varnish?(set, get...)
>> Some browser send several cookie header by H/2.
>> Probably in order to make HPACK compression more effective.
>> you may want to use std.collect.
>> I added the this VCL in my environment.
>>
>>
>> sub vcl_recv{
>>   if(req.proto ~ "HTTP/2"){
>>     if(req.http.cookie){
>>       std.collect(req.http.cookie);
>>       set req.http.cookie = regsuball(req.http.cookie,", ","; ");
>>     }
>>     if(req.http.content-length){
>>       // temporary...
>>       // https://github.com/varnishcache/varnish-cache/issues/2247
>>       unset req.http.content-length;
>>     }
>>   }
>> }
>>
>> I hope to reference.
>>
>> --
>> Shohei Tanaka(@xcir)
>> http://blog.xcir.net/
>>
>> 2017-03-18 1:32 GMT+09:00 Christian Bjørnbak <cbj at touristonline.dk>:
>> > Hi,
>> >
>> > I setup h2 with Hitch 1.4.4 and Varnish 5.1.1 following the guide in the
>> > release announcement.
>> >
>> > It works for stateless pages but if I try to log into our extranet where
>> > we
>> > use an jsessionid cookie varnish seems to discard the cookie from the
>> > request.
>> >
>> > When I enter the login page I receive a jsessionid cookie in the
>> > browser.
>> >
>> > When I submit the login form I am redirected to the login page with a
>> > new
>> > jsessionid cookie.
>> >
>> > If I disable alpn in the Hitch config everything works at it use to but
>> > of
>> > course without h2...
>> >
>> >
>> > From what I can find on google h2 is suppose to support h1 style
>> > cookies:
>> > http://unrestful.io/2015/06/21/cookies.html
>> >
>> >
>> > Do I need to change something in the VCL to support (jsessionid) cookies
>> > with h2?
>> >
>> >
>> >
>> > Med venlig hilsen / Kind regards,
>> >
>> > Christian Bjørnbak
>> >
>> > Chefudvikler / Lead Developer
>> > TouristOnline A/S
>> > Islands Brygge 43
>> > 2300 København S
>> > Denmark
>> > TLF: +45 32888230
>> > Dir. TLF: +45 32888235
>> >
>> > _______________________________________________
>> > varnish-misc mailing list
>> > varnish-misc at varnish-cache.org
>> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
>

More information about the varnish-misc mailing list