Can we create a signed cookies for different ressources path ?

0

Hi,

I want to know if it's possible to create signed cookies on different resources on aws cloudfront? for example: I want to authorize the path https://example.com/path1/* and the https://example.com/path2/*.

I use the create a function in php, and replace the ressoureKey by https://example.com/path1/* but, is it possible to add https://example.com/path2/*?

Thanks.

Enter image description here

asked 2 months ago118 views
1 Answer
1
Accepted Answer

I assume you are using PHP to send cookie to viewer. When you sent the set-cookie response header, you can specify the path it applies to

From PHP set-cookie

path

The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.

So you will generate 2 signed cookies and set it accordingly.

<?php
$arr_cookie_options1 = array (
                'expires' => time() + 60*60*24*30, 
                'path' => '/path1/', 
                'domain' => '.example.com', // leading dot for compatibility or use subdomain
                'secure' => true,     // or false
                'httponly' => true,    // or false
                'samesite' => 'None' // None || Lax  || Strict
                );
setcookie('CloudFront-Expires', 'SignedCookie Value1', $arr_cookie_options1);   

$arr_cookie_options2 = array (
                'expires' => time() + 60*60*24*30, 
                'path' => '/path2/', 
                'domain' => '.example.com', // leading dot for compatibility or use subdomain
                'secure' => true,     // or false
                'httponly' => true,    // or false
                'samesite' => 'None' // None || Lax  || Strict
                );
setcookie('CloudFront-Expires',  'SignedCookierValue2', $arr_cookie_options2);   
?>

Will need it to test though

AWS
EXPERT
Mike_L
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile picture
EXPERT
A_J
reviewed 2 months ago
  • I'm not sure what you mean,

    What I'm trying to say is that it's possible to support multiple resources like this:

    https://xxx.cloudfront.net/audios/1/*
    https://xxx.cloudfront.net/audios/2/*
    
    
    $json = '{"Statement":[
        {
            "Resource":"'.$url.'",
            "Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}
        },
        {
            "Resource":"'.$url2.'",
            "Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}
        },
    ]}';
    

    note that to get the cookies I have to make a call to API gateway

  • I assume you are using PHP to set user cookie. Have updated my post. Hope this clarifies

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions