I have a small python app running via uwsgi with requests served by nginx.
I’m printing the environment variables… and it looks like after a couple of ok requests, nginx is sending the same HTTP_COOKIE param for unrelated requests:
For example:
{‘UWSGI_CHDIR’: ‘/ebs/py’, ‘HTTP_COOKIE’:
‘ge_t_c=4fcee8450c3bee709800920c’, ‘UWSGI_SCRIPT’: ‘server’,
‘uwsgi.version’: ‘1.1.2’, ‘REQUEST_METHOD’: ‘GET’, ‘PATH_INFO’:
‘/redirect/ebebaf3b-475a-4010-9a72-96eeff797f1e’, ‘SERVER_PROTOCOL’:
‘HTTP/1.1’, ‘QUERY_STRING’: ”, ‘x-wsgiorg.fdevent.readable’:
, ‘CONTENT_LENGTH’: ”,
‘uwsgi.ready_fd’: None, ‘HTTP_USER_AGENT’: ‘Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)’, ‘HTTP_CONNECTION’:
‘close’, ‘HTTP_REFERER’: ‘http://www.facebook.com/’, ‘SERVER_NAME’:
‘pixel.domain.com’, ‘REMOTE_ADDR’: ’10.load.bal.ip’,
‘wsgi.url_scheme’: ‘http’, ‘SERVER_PORT’: ’80’, ‘wsgi.multiprocess’:
True, ‘uwsgi.node’: ‘py.domain.com’, ‘DOCUMENT_ROOT’:
‘/etc/nginx/html’, ‘UWSGI_PYHOME’: ‘/ebs/py’, ‘uwsgi.core’: 127,
‘HTTP_X_FORWARDED_PROTO’: ‘http’, ‘x-wsgiorg.fdevent.writable’:
, ‘wsgi.input’:
,
‘HTTP_HOST’: ‘track.domain.com’, ‘wsgi.multithread’: False,
‘REQUEST_URI’: ‘/redirect/ebebaf3b-475a-4010-9a72-96eeff797f1e’,
‘HTTP_ACCEPT’: ‘text/html, application/xhtml+xml, /‘,
‘wsgi.version’: (1, 0), ‘x-wsgiorg.fdevent.timeout’: None,
‘HTTP_X_FORWARDED_FOR’: ’10.load.bal.ip’, ‘wsgi.errors’: , ‘REMOTE_PORT’: ‘36462’,
‘HTTP_ACCEPT_LANGUAGE’: ‘en-US’, ‘wsgi.run_once’: False,
‘HTTP_X_FORWARDED_PORT’: ’80’, ‘CONTENT_TYPE’: ”,
‘wsgi.file_wrapper’: ,
‘HTTP_ACCEPT_ENCODING’: ‘gzip, deflate’}
and
{‘UWSGI_CHDIR’: ‘/ebs/py’, ‘HTTP_COOKIE’:
‘ge_t_c=4fcee8450c3bee709800920c’, ‘UWSGI_SCRIPT’: ‘server’,
‘uwsgi.version’: ‘1.1.2’, ‘REQUEST_METHOD’: ‘GET’, ‘PATH_INFO’:
‘/redirect/2391e658-95ef-4300-80f5-83dbb1a0e526’, ‘SERVER_PROTOCOL’:
‘HTTP/1.1’, ‘QUERY_STRING’: ”, ‘x-wsgiorg.fdevent.readable’:
, ‘CONTENT_LENGTH’: ”,
‘uwsgi.ready_fd’: None, ‘HTTP_USER_AGENT’: ‘Mozilla/5.0 (iPad; CPU OS
5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko)
Version/5.1 Mobile/9B206 Safari/7534.48.3’, ‘HTTP_CONNECTION’:
‘close’, ‘HTTP_REFERER’: ‘http://www.facebook.com/’, ‘SERVER_NAME’:
‘pixel.domain.com’, ‘REMOTE_ADDR’: ’10.load.balancer.ip’,
‘wsgi.url_scheme’: ‘http’, ‘SERVER_PORT’: ’80’, ‘wsgi.multiprocess’:
True, ‘uwsgi.node’: ‘py.domain.com’, ‘DOCUMENT_ROOT’:
‘/etc/nginx/html’, ‘UWSGI_PYHOME’: ‘/ebs/py’, ‘uwsgi.core’: 127,
‘HTTP_X_FORWARDED_PROTO’: ‘http’, ‘x-wsgiorg.fdevent.writable’:
, ‘wsgi.input’:
,
‘HTTP_HOST’: ‘fire.domain.com’, ‘wsgi.multithread’: False,
‘REQUEST_URI’: ‘/redirect/2391e658-95ef-4300-80f5-83dbb1a0e526’,
‘HTTP_ACCEPT’:
‘text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8′,
‘wsgi.version’: (1, 0), ‘x-wsgiorg.fdevent.timeout’: None,
‘HTTP_X_FORWARDED_FOR’: ’10.load.bal.ip’, ‘wsgi.errors’: , ‘REMOTE_PORT’: ‘39498’,
‘HTTP_ACCEPT_LANGUAGE’: ‘en-us’, ‘wsgi.run_once’: False,
‘HTTP_X_FORWARDED_PORT’: ’80’, ‘CONTENT_TYPE’: ”,
‘wsgi.file_wrapper’: ,
‘HTTP_ACCEPT_ENCODING’: ‘gzip, deflate’}
These are 2 distinct clients. I opened an incognito session, confirmed that no cookie was sent in the headers, and the uwsgi log shows that it received the same HTTP_COOKIE.
How can I make sure that nginx only passes the proper information for the current request, without regard to other requests?
Figured it out…
I had to add this line to uwsgi_params in /etc/nginx/
uwsgi_param HTTP_COOKIE $http_cookie;
Without it, the HTTP_COOKIE variable could not be trusted in uwsgi/python app.