Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to set up nginx without cookies?

Tags:

nginx

webserver

cookieless

I see, especially here in Germany, more and mor web sites, asking for permission to set cookies. My current project doesn't require cookies on the application level. So I am wondering if i shouldn't drop cookies entirely.

My questions:

Is it possible to set up static web site with nginx entirely without the use of cookies?

And if so, is there a downside to cookieless sites?

like image 287
LongHike Avatar asked Jan 04 '23 16:01

LongHike

1 Answers

Yes, it is certainly possible.

There are absolutely no downsides° (°unless you care for tracking, user-login, or having any sort of preferences, although alternatives exist as well).

On the other hand, there are plenty of upsides — you ensure that if one user shared the URL with another one, that the URL will work as expected, as it doesn't depend on any cookies.

Note that with the help of nginx you can actually remove cookies even from backend applications that strictly do require the cookies. E.g., I did it for my OpenGrok installation at http://BXR.SU/, where I use nginx to strip the cookies, both ways, and effectively use the URL path on the client-facing side as the preference identifier in place of saving such information in the cookies, and subsequently converting such $uri into $args (in place of cookies) when passing the requests back to OpenGrok (if OpenGrok would not have supported $args as a fallback, it'd also be possible to still use cookies within the backend, but still clear them up before serving the content back to the client).

See http://serverfault.com/questions/462799/leverage-proxy-caching-with-nginx-by-removing-set-cookie-header/467774#467774 for some more discussion of my implementation. For example, the following may be used to ensure your backend can neither set nor get any cookies:

    proxy_hide_header       Set-Cookie;
    proxy_ignore_headers    Set-Cookie;
    # important! Remember the special inheritance rules for proxy_set_header:
    # http://nginx.org/ru/docs/http/ngx_http_proxy_module.html#proxy_set_header
    proxy_set_header        Cookie "";

Note that even with the above code, cookies could still be set and read by the front-end with the help of JavaScript.

like image 84
cnst Avatar answered Jan 08 '23 23:01

cnst
Sign in to Comment

Related questions

Heroku Local: "http" directive is duplicate
Can nginx handle duplicate X-Forwarded-For headers?
Deploy Angular2 with Router inside a Docker Container using Nginx
nginx / 413 Request Entity Too Large
Nginx/Django File Upload Permissions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!