$http_cookie
The $http_cookie variable captures the value of the Cookie header from an incoming HTTP request. — NGINX Core (HTTP)
Description
In NGINX, the $http_cookie variable is used to access the value of the Cookie header sent by clients in their HTTP requests. This variable is set by NGINX during the processing of a request when it encounters the client-provided Cookie header. Typically, $http_cookie will contain a string of name-value pairs for each cookie, with pairs separated by semicolons. For example, if a request includes 'Cookie: user_id=12345; session_token=abcde;', then $http_cookie would return 'user_id=12345; session_token=abcde'. The variable is especially useful for web applications that rely on cookies for session management, tracking user states, or personalizing content based on user preferences. It can be accessed within various contexts like server, location, or if directives. When using this variable, it is important to keep in mind that its output may vary depending on the cookies set in the client's browser and whether they are allowed or modified by any related directives in the NGINX configuration. Given that cookies can contain sensitive information, it is advisable to handle this variable carefully to avoid unintentional exposure of data in logs or error messages, and to ensure that secure and HTTP-only cookie flags are respected in the application logic.
Config Example
location / {
if ($http_cookie ~* "session_id") {
# Logic that depends on the session_id cookie
}
}Subsystem
httpCacheable
YesContexts
http, server, location, ifThe $http_cookie variable will be empty if there are no cookies sent by the client.
Ensure that your application handles cookie data securely, especially if it contains sensitive information.
Using the variable in an 'if' context can introduce complexities regarding request handling and should be tested thoroughly.