By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can we create a signed cookies for different ressources path ?

0

Hi,

I want to know if it's possible to create signed cookies on different resources on aws cloudfront? for example: I want to authorize the path https://example.com/path1/* and the https://example.com/path2/*.

I use the create a function in php, and replace the ressoureKey by https://example.com/path1/* but, is it possible to add https://example.com/path2/*?

Thanks.

Enter image description here

Topics
Networking & Content Delivery
Tags
Amazon CloudFront
Language
English
Stephane
asked a year ago412 views
1 Answer
1
Accepted Answer

I assume you are using PHP to send cookie to viewer. When you sent the set-cookie response header, you can specify the path it applies to

From PHP set-cookie

path

The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.

So you will generate 2 signed cookies and set it accordingly.

<?php
$arr_cookie_options1 = array (
                'expires' => time() + 60*60*24*30, 
                'path' => '/path1/', 
                'domain' => '.example.com', // leading dot for compatibility or use subdomain
                'secure' => true,     // or false
                'httponly' => true,    // or false
                'samesite' => 'None' // None || Lax  || Strict
                );
setcookie('CloudFront-Expires', 'SignedCookie Value1', $arr_cookie_options1);   

$arr_cookie_options2 = array (
                'expires' => time() + 60*60*24*30, 
                'path' => '/path2/', 
                'domain' => '.example.com', // leading dot for compatibility or use subdomain
                'secure' => true,     // or false
                'httponly' => true,    // or false
                'samesite' => 'None' // None || Lax  || Strict
                );
setcookie('CloudFront-Expires',  'SignedCookierValue2', $arr_cookie_options2);   
?>

Will need it to test though

AWS
EXPERT
MikeLim
answered a year ago
profile picture
EXPERT
Oleksii Bebych
reviewed a year ago
profile picture
EXPERT
Adeleke Adebowale Julius
reviewed a year ago
  • Stephane
    a year ago

    I'm not sure what you mean,

    What I'm trying to say is that it's possible to support multiple resources like this:

    https://xxx.cloudfront.net/audios/1/*
https://xxx.cloudfront.net/audios/2/*


$json = '{"Statement":[
    {
        "Resource":"'.$url.'",
        "Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}
    },
    {
        "Resource":"'.$url2.'",
        "Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}
    },
]}';

    note that to get the cookies I have to make a call to API gateway

  • MikeLim EXPERT
    a year ago

    I assume you are using PHP to set user cookie. Have updated my post. Hope this clarifies

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content