Capture and log a cookie in the request and in the response. May be used in sections :

defaults frontend listen backend no no yes yes yes yes no no

Arguments :

<name> is the beginning of the name of the cookie to capture. In order to match the exact name, simply suffix the name with an equal sign ('='). The full name will appear in the logs, which is useful with application servers which adjust both the cookie name and value (eg: ASPSESSIONXXXXX).

<length> is the maximum number of characters to report in the logs, which include the cookie name, the equal sign and the value, all in the standard "name=value" form. The string will be truncated on the right if it exceeds .

Only the first cookie is captured. Both the "cookie" request headers and the "set-cookie" response headers are monitored. This is particularly useful to check for application bugs causing session crossing or stealing between users, because generally the user's cookies can only change on a login page.

When the cookie was not presented by the client, the associated log column will report "-". When a request does not cause a cookie to be assigned by the server, a "-" is reported in the response column.

The capture is performed in the frontend only because it is necessary that the log format does not change for a given frontend depending on the backends. This may change in the future. Note that there can be only one "capture cookie" statement in a frontend. The maximum capture length is set by the global "tune.http.cookielen" setting and defaults to 63 characters. It is not possible to specify a capture in a "defaults" section.

Example:

capture cookie ASPSESSION len 32

See also : "capture request header", "capture response header" as well as section 8 about logging.

results matching ""

    No results matching ""