
AWS CloudFront signed cookie fails intermittently for the same server

We use AWS to store audio/video content for our website.

We use Signed Cookies Using a Canned Policy: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-canned-policy.html

So we have 3 cookies set for each request to retrieve the data:

CloudFront-Policy;
CloudFront-Signature; 
CloudFront-Key-Pair-Id; 

And it is used to access a resource URL like http://cloudfront.org_name.com/2016%2F7%2F1%2FStanding+Meditation_updated+91615.mp3

All three cookies are set by the server (Java-based) for each request anew to a correct pre-set value.

It all works most of the time for most of the content, but for some resources it just fails with a 403 Forbidden error.

If I open two contents (one working, one not) in separate browser tabs, all the cookies and the rest look exactly the same, except for the resource URL.

And yet - one works, while the other does not.

What is even more confusing, sometimes the same resource requested from the same physical client machine, once in FF, another time in Chrome, works in one browser but fails in the other.

Also, sometimes clearing the user's browser cookies works, other times it fails, with no discernible pattern.

It's been driving me insane as I struggle to see what's wrong.

Can anyone provide any insight as to what the reason could be and what remedies could be tried?

Okay, the answer is in my reply to Michael:

I noticed later on that the resource URLs for working and failing content were different. Close enough to not spot the difference at first sight, but different. Everything was the same - cookies, headers, other parameters. But I was comparing 2 different contents. First URL always worked, second always failed.

Lesson learnt: carefully curl the two resources and analyse the URLs to see what actually is different.

A tip: use Chrome's development tools to derive curl commands: Right click on the failing URL -> Copy -> Copy as cURL. Then paste it into the command line to test.

BTW, we just re-uploaded the failing resource and updated the referring web page - everything works again.
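The URL comparison suggested above can be automated. The following is an added example, not part of the original post: it splits two resource URLs into components, reports the first character at which each differing component diverges, and flags the case where two paths differ only in percent-encoding. The function names are hypothetical, and the second and third URLs are constructed variants of the URL quoted in the question.

```python
from urllib.parse import urlsplit, unquote

def first_diff(a, b):
    """Index of the first differing character, or None if the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def compare_urls(url_a, url_b):
    """Return (diffs, encoding_only).

    diffs is a list of (component, value_a, value_b, index_of_first_difference).
    encoding_only is True when the raw paths differ but decode to the same string,
    i.e. the two URLs name the same object with different percent-encoding.
    """
    pa, pb = urlsplit(url_a), urlsplit(url_b)
    diffs = []
    for name in ("scheme", "netloc", "path", "query"):
        va, vb = getattr(pa, name), getattr(pb, name)
        if va != vb:
            diffs.append((name, va, vb, first_diff(va, vb)))
    encoding_only = pa.path != pb.path and unquote(pa.path) == unquote(pb.path)
    return diffs, encoding_only

def render(diffs):
    """Format each difference with a caret under the first differing character."""
    lines = []
    for name, va, vb, idx in diffs:
        lines += [f"{name}:", f"  A {va}", f"  B {vb}", "    " + " " * idx + "^"]
    return "\n".join(lines)

# URL from the question, plus two constructed variants for illustration.
URL_A = "http://cloudfront.org_name.com/2016%2F7%2F1%2FStanding+Meditation_updated+91615.mp3"
URL_B = "http://cloudfront.org_name.com/2016%2F7%2F1%2FStanding+Meditation_updated+91651.mp3"
URL_C = "http://cloudfront.org_name.com/2016%2f7%2f1%2fStanding+Meditation_updated+91615.mp3"

if __name__ == "__main__":
    for other in (URL_B, URL_C):
        diffs, encoding_only = compare_urls(URL_A, other)
        print(render(diffs))
        print("  differs only in percent-encoding:", encoding_only)
```

Paste the two URLs taken from the "Copy as cURL" output in place of the sample values to see exactly where they diverge.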
