jhaagmans Posted September 30, 2010 Share Posted September 30, 2010 Hi,I'm stumped by the amount of cookies Prestashop seems to send to the user on authentication. It's so much that it exceeds our proxy limit, which results in a 502 bad gateway error. Our webhost has increased this limit in the past, which worked for a while, but since then the cookie size seems to have grown even more. I feel this is very unnecessary. Cookies should be used to identify the user, not as a session cache. Prestashop is a wonderful package, but this will steer a significant amount of potential users away. The fact that Apache allows for an unlimited cookie size isn't necessarily a good thing.So, my question is: why is this and how can we get Prestashop to use smaller/less cookies?Thanks. Link to comment Share on other sites More sharing options...
alchemisto Posted October 1, 2010 Share Posted October 1, 2010 From what I knew, this will be an issue only if you use an NginX server due to the very small cookie allowed. CMIIWI've never encountered such problem with common Apache or Litespeed web server Link to comment Share on other sites More sharing options...
jhaagmans Posted October 1, 2010 Author Share Posted October 1, 2010 That's right. Apache allows for an unlimited cookie size. Do mind that that's not how it should be. In the new way of hosting your websites, many servers are behind proxies and load balancers. Those often don't allow for an unlimited cookie size. Also, some web browsers appear to block cookies that exceed a certain size. It won't be 5kB, but it's not a lot. nginx is a more than fine web server and should be taken into consideration. It's a very important reason not to choose Prestashop, but apart from that, it's not needed for the cookies to grow this big.A cookie should be used to identify the user. You use some kind of mechanism to link the user's system to a certain user (or customer in this case) in your database and get the actual values from there. What Prestashop does is set all kinds of user information in the cookie after logging in. That might be easy from a developer's point of view (although I sincerely doubt this), but it's bad practice. I develop web applications for a living and we also use cookies. We even use cookies to remember exactly where a user has been at any given time while visiting these web applications. However, these cookies rarely get bigger than 150 Bytes. All customer information is already saved in the database, so saving them in a cookie shouldn't be needed.Even if the reason for this is some kind of caching mechanism, there are much better ways to set up a session cache or even page caching.Prestashop is a wonderful package in many other ways, but this one thing makes it unusable for quite some potential users. And maybe even for their potential customers, which is even more important. I hope it can be fixed, it shouldn't be too hard and I'd even want to contribute if needed. Link to comment Share on other sites More sharing options...
alchemisto Posted October 1, 2010 Share Posted October 1, 2010 Actually, I absolutely agree with you. But since prestashop meets the requirements that i want from an e-commerce platform, I don't wanna wait any longer to use it for my online store I realize that this should be a big issue, and I hope the Presta Team and the community could fix this problem a.s.a.p. Link to comment Share on other sites More sharing options...
jhaagmans Posted October 4, 2010 Author Share Posted October 4, 2010 Is this what's been addressed in 1.3.2.3 ?EDIT: Guess not. Any comments on this? We'd love to use Prestashop. Link to comment Share on other sites More sharing options...
sdepablos Posted October 18, 2010 Share Posted October 18, 2010 A little on the safe side, but try to increase the cookie size in nginx:server { listen 80; server_name yourdomain.com; client_header_buffer_size 16k; large_client_header_buffers 16 16k; location / {restart nginx, clear cookies and try it again. Link to comment Share on other sites More sharing options...
Matthieu Biart Posted November 3, 2010 Share Posted November 3, 2010 Hi everyone!First of all I'd like to correct something: What Prestashop does is set all kinds of user information in the cookie after logging in. I'm very interested on where inside the PrestaShop source code you find out that.Since the PrestaShop source code is open, you can see by yourself that we only store I'd say 5 values maximum simultanously inside the user cookie. Which are indeed the PrestaShop customer ID, its cart ID and some other primary data IDs.Secondly, if the PrestaShop cookie is "that big" it is because it is encrypted (via the blowfish algorithm) for security reasons and therefore bigger than the few bytes required by those five values.If you want to remove this cookie encryption (that will for sure reduce significantly its size) and let your customer bypass the authentication process by changing their customer ID (taking other ones or even the merchant one), you're welcome. The source code is available, you can change it by yourself.But the official code source is secure and therefore technically need a big cookie. Link to comment Share on other sites More sharing options...
lantern Posted November 30, 2010 Share Posted November 30, 2010 I installed Prestashop today, impressed so far and it's running very quickly on nginx. Experiencing this issue I had a poke around the interwebs. Some searching uncovered a post on the nginx forums regarding the large cookie issue & fast cgi.NGINX Forum Max Header LengthI added the suggested values to the vhost file in my sites_available and it seems to have resolved the issue.I may try and reduce them to find the sweetspot between header size and server speed but for now, it's a working resolution.JR Link to comment Share on other sites More sharing options...
armadillo Posted April 15, 2011 Share Posted April 15, 2011 hi i am using sared server so my host cant change cookie limit, when i activated the SSL there is 502 bad gateway error on login page, how can i solve it? Link to comment Share on other sites More sharing options...
panoramis Posted April 17, 2011 Share Posted April 17, 2011 hierror 502 bad gateway nginxfor madule (data mining for statistics 1.0 v) a problem if you disable madule fix site u friends Link to comment Share on other sites More sharing options...
SahinSOLMAZ Posted January 3, 2014 Share Posted January 3, 2014 Hi PrestaShop! The problem solve: * Login to the your server panel (sample: plesk) * Open the page: Tools & Settings * Click the button: Services Management * ReStart => Reverse Proxy Server (nginx) and again test ______|| OR ||______ Stop => Reverse Proxy Server (nginx) and again test Source: click. Good work! Link to comment Share on other sites More sharing options...
Recommended Posts