0

There are multiple authentication nodes behind load balancer and have sticky session configured to make sure authentication request sent to the same node.

It only appeared in Chrome, but Firefox worked fine.

Here is the first request, INGRESSCOOKIE was set in response headers This is the first request, INGRESSCOOKIE was set in response headers

Below is the second subsequent request. set-cookie INGRESSCOOKIE was set again in response headers, while it's expected to be attached in request headers. This appeared in Chrome only enter image description here

Firefox worked fine without the same issue, below is the second request in Firefox with INGRESSCOOKIE attached in request headers. Any ideas what caused the issue? enter image description here

androidkc
  • 689
  • 2
  • 7
  • 16

1 Answers1

1

The issue was path:?(.*) in INGRESSCOOKIE, it may be a defect related to this https://github.com/kubernetes/ingress-nginx/issues/6812

It appeared that FF sees it matches everything, but Chrome doesn't match anything and remove the ingresscookie from request header from all subsequence request, and caused the login failed.

the workaround was adding nginx.ingress.kubernetes.io/session-cookie-path: "/" explicitly

androidkc
  • 689
  • 2
  • 7
  • 16