From user-return-5533-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org  Tue Mar  5 04:08:47 2019
Return-Path: <user-return-5533-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 9D15A18067E
	for <archive-asf-public@cust-asf.ponee.io>; Tue,  5 Mar 2019 05:08:46 +0100 (CET)
Received: (qmail 54543 invoked by uid 500); 5 Mar 2019 04:08:40 -0000
Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@guacamole.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@guacamole.apache.org>
List-Post: <mailto:user@guacamole.apache.org>
List-Id: <user.guacamole.apache.org>
Reply-To: user@guacamole.apache.org
Delivered-To: mailing list user@guacamole.apache.org
Received: (qmail 54529 invoked by uid 99); 5 Mar 2019 04:08:40 -0000
Received: from mail-relay.apache.org (HELO mailrelay1-lw-us.apache.org) (207.244.88.152)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Mar 2019 04:08:40 +0000
Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174])
	by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id 535C9449E
	for <user@guacamole.apache.org>; Tue,  5 Mar 2019 04:08:39 +0000 (UTC)
Received: by mail-oi1-f174.google.com with SMTP id u128so5788342oie.2
        for <user@guacamole.apache.org>; Mon, 04 Mar 2019 20:08:39 -0800 (PST)
X-Gm-Message-State: APjAAAXBQ4S+8Kir9rxYMmzdHLag+vyMWaAP40LRDbaSvAKKuUFxYn6y
	OTu3/2mQ9CyiczG+4yJGB6+EKn3IRe6yMK5NoKzLBQ==
X-Google-Smtp-Source: APXvYqzJ0Ti32k8zUNS1jd/emS6e2yACBDQfvVZQ8uE0vzgfJGniKHnpc3Bjoyp0vEXyGeqbsaZRfeunyubtUcx9JO4=
X-Received: by 2002:aca:dc41:: with SMTP id t62mr816339oig.170.1551758918773;
 Mon, 04 Mar 2019 20:08:38 -0800 (PST)
MIME-Version: 1.0
References: <DM6PR01MB43314344541641C6648F98D2CA700@DM6PR01MB4331.prod.exchangelabs.com>
 <CAFjj602Cq=X+dHzY4WSswpXy5K8eb3_ej04haNZd94kps=p_WQ@mail.gmail.com>
 <1551744254104-0.post@n4.nabble.com> <DM6PR01MB4331C0F09C67B9F7AE466A4DCA720@DM6PR01MB4331.prod.exchangelabs.com>
In-Reply-To: <DM6PR01MB4331C0F09C67B9F7AE466A4DCA720@DM6PR01MB4331.prod.exchangelabs.com>
From: Mike Jumper <mjumper@apache.org>
Date: Mon, 4 Mar 2019 20:08:01 -0800
X-Gmail-Original-Message-ID: <CALKeL-Mimnbbj9=pDS=dUMEpH1ApHocJn05MggYjJnsNf-Hrrw@mail.gmail.com>
Message-ID: <CALKeL-Mimnbbj9=pDS=dUMEpH1ApHocJn05MggYjJnsNf-Hrrw@mail.gmail.com>
Subject: Re: 1.0.0 LocalStorage auth instead of cookies
To: user@guacamole.apache.org
Content-Type: multipart/alternative; boundary="0000000000002186510583510724"

--0000000000002186510583510724
Content-Type: text/plain; charset="UTF-8"

On Mon, Mar 4, 2019 at 7:49 PM Lev Dubinets <levdubinets@live.com> wrote:

> To add to that, I'd bet that most serious deployments of guacamole are
> putting it behind nginx or some other proxy and/or load balancer.
>

Yes, though it's mainly guacd that needs the most balancing.

The cookies allow the backend to control and isolate guacamole sessions or
> deployments. This is really useful. For large-scale deployments this has to
> be a must-have feature.
>

No. With respect to routing of sticky sessions, the typical case would
involve configuring the balancer to set its own cookie independent of the
backend session.

Setting an HTTP header specifically for use by balancers (such that they
can properly route future requests based on the "token" parameter) might be
a good way to expand this case. Additionally setting and accepting a cookie
as an optional alternative to the "token" parameter might also be worth
doing. It's definitely not a requirement for a deployment to be
large/serious.

- Mike

--0000000000002186510583510724
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Mon, Mar 4, 2019 at 7:49 PM Lev Dubine=
ts &lt;<a href=3D"mailto:levdubinets@live.com">levdubinets@live.com</a>&gt;=
 wrote:<br></div><div class=3D"gmail_quote"><blockquote class=3D"gmail_quot=
e" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204)=
;padding-left:1ex">




<div dir=3D"ltr">
<div style=3D"font-family:Verdana,Geneva,sans-serif;font-size:12pt;color:rg=
b(0,0,0)">
To add to that, I&#39;d bet that most serious deployments of guacamole are =
putting it behind nginx or some other proxy and/or load balancer.</div></di=
v></blockquote><div><br></div><div>Yes, though it&#39;s mainly guacd that n=
eeds the most balancing.</div><div><br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204=
);padding-left:1ex"><div dir=3D"ltr"><div style=3D"font-family:Verdana,Gene=
va,sans-serif;font-size:12pt;color:rgb(0,0,0)">The cookies allow the backen=
d to control and isolate guacamole sessions or deployments. This is really =
useful. For large-scale
 deployments this has to be a must-have feature.</div></div></blockquote><d=
iv><br></div><div>No. With respect to routing of sticky sessions, the typic=
al case would involve configuring the balancer to set its own cookie indepe=
ndent of the backend session.</div><div><br></div><div>Setting an HTTP head=
er specifically for use by balancers (such that they can properly route fut=
ure requests based on the &quot;token&quot; parameter) might be a good way =
to expand this case. Additionally setting and accepting a cookie as an opti=
onal alternative to the &quot;token&quot; parameter might also be worth doi=
ng. It&#39;s definitely not a requirement for a deployment to be large/seri=
ous.</div><div><br></div><div>- Mike</div><div><br></div></div></div>

--0000000000002186510583510724--