2

we have a little problem with Zabbix Web Scenario setup and we would ask you for help. We configured Zabbix's web scenario to check the adding products into the cart on our eshop.

Scenario works follow

1) Zabbix call eshop.com/checkout/cart/add/product_id/XXX

2) E-shop creates a session, add the product XXX into the cart and returns the redirect to eshop.com/checkout/cart with "Set-Cookie: frontend=YYY" for identifying the session in next requests

3) Zabbix follows the redirect to eshop.com/checkout/cart with "Cookie: frontend=YYY"

4) Eshop returns HTML of the cart page

5) Zabbix checks the cart's HTML and say "Yes, the product was added" or "No, the product was not added".

Thats all. Unfortunately, if Eshop receives a request without "Cookie" then redirects the user to a page "You are disabled Cookie. This site needs Cookie", that breaks step 2. Uff. We solved this by adding cookie "some_cookie_to_avoid_no_cookie_page" to the web scenario's setup (see screenshot)

enter image description here

It works fine at first sight, but there is a catch. In step 3, zabbix joins the cookie from Eshop with the cookie from scenario's settings and as a separator is used comma (,), instead of (;). Thus, Zabbix sends

Cookie: frontend=YYY, some_cookie_to_avoid_no_cookie_page=1

, but Eshop expects

Cookie: frontend=YYY; some_cookie_to_avoid_no_cookie_page=1

Due to this separator confusing Eshop does not recognize cookie "frontend" correctly, it will not find the session and returns empty cart's HTML to Zabbix. That's problem.

For now we removed "some_cookie_to_avoid_no_cookie_page" from scenario's setup and disabled redirecting to "You are disabled Cookie. This site needs Cookie", but it is only trade-off for us. My question is: Is there a better solution? For example:

  • tell to Zabbix to join the cookies by ';'
  • tell to Zabbix to send "some_cookie_to_avoid_no_cookie_page" only if no other cookies are present (unfortunately the steps 1 to 5 are atomic, we are not able to Zabbix to send "some_cookie_to_avoid_no_cookie_page" only in step 2 - maybe dividing the scenario to two steps 1-2 and 3-5, but it would need to remember cookie frontend - it would be possible?
  • some other solution ...

Many thanks. Jirka Ch.

Jiří Chmiel
  • 876
  • 6
  • 20
  • 1
    I've run into the same problem and logged an issue for this: https://support.zabbix.com/browse/ZBX-15479. – Bouke Jan 21 '19 at 10:14

1 Answers1

0

According to https://www.ietf.org/rfc/rfc2109.txt , page 9, servers should accept comma as a cookie separator:

Note: For backward compatibility, the separator in the Cookie header is semi-colon (;) everywhere. A server should also accept comma (,) as the separator between cookie-values for future compatibility.

Even though the RFC is some 20 years old, there are still servers around that only support semicolon. Consider creating a feature request for Zabbix to have an option for the cookie separator.

Richlv
  • 3,954
  • 1
  • 17
  • 21
  • RFC 2109 has been superseded by various other specifications, including [RFC 6265](http://www.rfc-editor.org/rfc/rfc6265.txt). The latter doesn't include this note about backward compatibility, thus sending a comma to separate cookies would be considered incorrect. – Bouke Jan 21 '19 at 08:05