Mailing List Archive: h2 in 5.1.1 and jsessionid cookies ?

h2 in 5.1.1 and jsessionid cookies ?

Mar 17, 2017, 9:32 AM

Post #1 of 5 (659 views)

Hi,

I setup h2 with Hitch 1.4.4 and Varnish 5.1.1 following the guide in the
release announcement.

It works for stateless pages but if I try to log into our extranet where we
use an jsessionid cookie varnish seems to discard the cookie from the
request.

When I enter the login page I receive a jsessionid cookie in the browser.

When I submit the login form I am redirected to the login page with a new
jsessionid cookie.

If I disable alpn in the Hitch config everything works at it use to but of
course without h2...

From what I can find on google h2 is suppose to support h1 style cookies:
http://unrestful.io/2015/06/21/cookies.html

Do I need to change something in the VCL to support (jsessionid) cookies
with h2?

Med venlig hilsen / Kind regards,

Christian Bjørnbak

Chefudvikler / Lead Developer
TouristOnline A/S
Islands Brygge 43
2300 København S
Denmark
TLF: +45 32888230
Dir. TLF: +45 32888235

Re: h2 in 5.1.1 and jsessionid cookies ? [ In reply to ]

phk at phk

Mar 17, 2017, 9:47 AM

Post #2 of 5 (659 views)

Permalink

--------

Hej Christian,

Can you capture a varnishlog please ?

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Re: h2 in 5.1.1 and jsessionid cookies ? [ In reply to ]

kokoniimasu at gmail

Mar 17, 2017, 10:26 AM

Post #3 of 5 (659 views)

Permalink

Hi,Christian.

#sorry I forgot add ml-list...

Are you manipulating cookies in Varnish?(set, get...)
Some browser send several cookie header by H/2.
Probably in order to make HPACK compression more effective.
you may want to use std.collect.
I added the this VCL in my environment.

sub vcl_recv{
if(req.proto ~ "HTTP/2"){
if(req.http.cookie){
std.collect(req.http.cookie);
set req.http.cookie = regsuball(req.http.cookie,", ","; ");
}
if(req.http.content-length){
// temporary...
// https://github.com/varnishcache/varnish-cache/issues/2247
unset req.http.content-length;
}
}
}

I hope to reference.

--
Shohei Tanaka(@xcir)
http://blog.xcir.net/

2017-03-18 1:32 GMT+09:00 Christian Bjørnbak <cbj@touristonline.dk>:
> Hi,
>
> I setup h2 with Hitch 1.4.4 and Varnish 5.1.1 following the guide in the
> release announcement.
>
> It works for stateless pages but if I try to log into our extranet where we
> use an jsessionid cookie varnish seems to discard the cookie from the
> request.
>
> When I enter the login page I receive a jsessionid cookie in the browser.
>
> When I submit the login form I am redirected to the login page with a new
> jsessionid cookie.
>
> If I disable alpn in the Hitch config everything works at it use to but of
> course without h2...
>
>
> From what I can find on google h2 is suppose to support h1 style cookies:
> http://unrestful.io/2015/06/21/cookies.html
>
>
> Do I need to change something in the VCL to support (jsessionid) cookies
> with h2?
>
>
>
> Med venlig hilsen / Kind regards,
>
> Christian Bjørnbak
>
> Chefudvikler / Lead Developer
> TouristOnline A/S
> Islands Brygge 43
> 2300 København S
> Denmark
> TLF: +45 32888230
> Dir. TLF: +45 32888235
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Re: h2 in 5.1.1 and jsessionid cookies ? [ In reply to ]

cbj at touristonline

Mar 17, 2017, 11:10 AM

Post #4 of 5 (659 views)

Permalink

Hi kokoniimasu,

if(req.http.cookie){
std.collect(req.http.cookie);
set req.http.cookie = regsuball(req.http.cookie,", ","; ");
}

did the trick for me..

Thanks for your help.

The other if only seems to be relevant and valid if the backend is a
varnish too? My backend is Apache.

Med venlig hilsen / Kind regards,

Christian Bjørnbak

Chefudvikler / Lead Developer
TouristOnline A/S
Islands Brygge 43
2300 København S
Denmark
TLF: +45 32888230
Dir. TLF: +45 32888235

2017-03-17 18:26 GMT+01:00 kokoniimasu <kokoniimasu@gmail.com>:

> Hi,Christian.
>
> #sorry I forgot add ml-list...
>
> Are you manipulating cookies in Varnish?(set, get...)
> Some browser send several cookie header by H/2.
> Probably in order to make HPACK compression more effective.
> you may want to use std.collect.
> I added the this VCL in my environment.
>
>
> sub vcl_recv{
> if(req.proto ~ "HTTP/2"){
> if(req.http.cookie){
> std.collect(req.http.cookie);
> set req.http.cookie = regsuball(req.http.cookie,", ","; ");
> }
> if(req.http.content-length){
> // temporary...
> // https://github.com/varnishcache/varnish-cache/issues/2247
> unset req.http.content-length;
> }
> }
> }
>
> I hope to reference.
>
> --
> Shohei Tanaka(@xcir)
> http://blog.xcir.net/
>
> 2017-03-18 1:32 GMT+09:00 Christian Bjørnbak <cbj@touristonline.dk>:
> > Hi,
> >
> > I setup h2 with Hitch 1.4.4 and Varnish 5.1.1 following the guide in the
> > release announcement.
> >
> > It works for stateless pages but if I try to log into our extranet where
> we
> > use an jsessionid cookie varnish seems to discard the cookie from the
> > request.
> >
> > When I enter the login page I receive a jsessionid cookie in the browser.
> >
> > When I submit the login form I am redirected to the login page with a new
> > jsessionid cookie.
> >
> > If I disable alpn in the Hitch config everything works at it use to but
> of
> > course without h2...
> >
> >
> > From what I can find on google h2 is suppose to support h1 style cookies:
> > http://unrestful.io/2015/06/21/cookies.html
> >
> >
> > Do I need to change something in the VCL to support (jsessionid) cookies
> > with h2?
> >
> >
> >
> > Med venlig hilsen / Kind regards,
> >
> > Christian Bjørnbak
> >
> > Chefudvikler / Lead Developer
> > TouristOnline A/S
> > Islands Brygge 43
> > 2300 København S
> > Denmark
> > TLF: +45 32888230
> > Dir. TLF: +45 32888235
> >
> > _______________________________________________
> > varnish-misc mailing list
> > varnish-misc@varnish-cache.org
> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>

Re: h2 in 5.1.1 and jsessionid cookies ? [ In reply to ]

kokoniimasu at gmail

Mar 17, 2017, 11:48 AM

Post #5 of 5 (658 views)

Permalink

Hi,Christian.

Yes, my backend is Varnish.
Apache did not error by POST request in my test env too.
Probably, C-L is ignored in apache.(I'm not read apache source.)

rfc7230 is written

If a message is received with both a Transfer-Encoding and a
Content-Length header field, the Transfer-Encoding overrides the
Content-Length. Such a message might indicate an attempt to
perform request smuggling (Section 9.5) or response splitting
(Section 9.4) and ought to be handled as an error. A sender MUST
remove the received Content-Length field prior to forwarding such
a message downstream.

https://tools.ietf.org/html/rfc7230#section-3.3.3

2017-03-18 3:10 GMT+09:00 Christian Bjørnbak <cbj@touristonline.dk>:
> Hi kokoniimasu,
>
> if(req.http.cookie){
> std.collect(req.http.cookie);
> set req.http.cookie = regsuball(req.http.cookie,", ","; ");
> }
>
> did the trick for me..
>
> Thanks for your help.
>
> The other if only seems to be relevant and valid if the backend is a varnish
> too? My backend is Apache.
>
>
>
> Med venlig hilsen / Kind regards,
>
> Christian Bjørnbak
>
> Chefudvikler / Lead Developer
> TouristOnline A/S
> Islands Brygge 43
> 2300 København S
> Denmark
> TLF: +45 32888230
> Dir. TLF: +45 32888235
>
> 2017-03-17 18:26 GMT+01:00 kokoniimasu <kokoniimasu@gmail.com>:
>>
>> Hi,Christian.
>>
>> #sorry I forgot add ml-list...
>>
>> Are you manipulating cookies in Varnish?(set, get...)
>> Some browser send several cookie header by H/2.
>> Probably in order to make HPACK compression more effective.
>> you may want to use std.collect.
>> I added the this VCL in my environment.
>>
>>
>> sub vcl_recv{
>> if(req.proto ~ "HTTP/2"){
>> if(req.http.cookie){
>> std.collect(req.http.cookie);
>> set req.http.cookie = regsuball(req.http.cookie,", ","; ");
>> }
>> if(req.http.content-length){
>> // temporary...
>> // https://github.com/varnishcache/varnish-cache/issues/2247
>> unset req.http.content-length;
>> }
>> }
>> }
>>
>> I hope to reference.
>>
>> --
>> Shohei Tanaka(@xcir)
>> http://blog.xcir.net/
>>
>> 2017-03-18 1:32 GMT+09:00 Christian Bjørnbak <cbj@touristonline.dk>:
>> > Hi,
>> >
>> > I setup h2 with Hitch 1.4.4 and Varnish 5.1.1 following the guide in the
>> > release announcement.
>> >
>> > It works for stateless pages but if I try to log into our extranet where
>> > we
>> > use an jsessionid cookie varnish seems to discard the cookie from the
>> > request.
>> >
>> > When I enter the login page I receive a jsessionid cookie in the
>> > browser.
>> >
>> > When I submit the login form I am redirected to the login page with a
>> > new
>> > jsessionid cookie.
>> >
>> > If I disable alpn in the Hitch config everything works at it use to but
>> > of
>> > course without h2...
>> >
>> >
>> > From what I can find on google h2 is suppose to support h1 style
>> > cookies:
>> > http://unrestful.io/2015/06/21/cookies.html
>> >
>> >
>> > Do I need to change something in the VCL to support (jsessionid) cookies
>> > with h2?
>> >
>> >
>> >
>> > Med venlig hilsen / Kind regards,
>> >
>> > Christian Bjørnbak
>> >
>> > Chefudvikler / Lead Developer
>> > TouristOnline A/S
>> > Islands Brygge 43
>> > 2300 København S
>> > Denmark
>> > TLF: +45 32888230
>> > Dir. TLF: +45 32888235
>> >
>> > _______________________________________________
>> > varnish-misc mailing list
>> > varnish-misc@varnish-cache.org
>> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
>

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc