CloudFront cache policy incorrect Set-Cookie behaviour

1

We've experienced a new issue with CloudFront. We have a cache policy set to cache for 30 seconds (min, max and default are 30 seconds) with no headers, cookies or query parameters configured. We had it like that for a few months, but we've just started having issues because it was returning a Set-Cookie header in the cached response. According to the docs, Set-Cookie headers are supposed to be removed when no cookies are configured.

This is really problematic since it means someone can receive a private cookie meant for someone else. We were only able to reproduce the issue in some regions (Europe) and we think it started somewhere around Saturday (2023-11-05).

asked 6 months ago, 268 views
1 Answer
0

Hi, like you wrote, CloudFront should include the Set-Cookie header if no cookies are forwarded to the origin.

To address your distribution/account-specific question, please open a technical support ticket. Please provide us with more details about the response, ideally the X-Amz-Cf-Id header value. You can also add the Distribution ID and path that is returning incorrect response headers.

AWS
Piotrek
answered 6 months ago
  • Is paying for technical support really the only way to report a potential new bug on the AWS side?
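
An added example, not part of the original thread and not AWS tooling: a check over saved response headers (for instance `curl -sI` output) that flags a response CloudFront served from cache while it carried `Set-Cookie`, and collects the `X-Amz-Cf-Id` the answer asks for. The function names, sample header blocks, IDs, POP codes and cookie values are constructed for illustration.

```python
def parse_headers(raw):
    """Parse a raw header block (e.g. saved `curl -sI` output) into (name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the HTTP status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return a finding if a response served from cache carries Set-Cookie, else None."""
    headers = parse_headers(raw)

    def first(name):
        return next((v for k, v in headers if k == name), None)

    x_cache = (first("x-cache") or "").lower()
    served_from_cache = x_cache.startswith(("hit", "refreshhit"))
    cookies = [v for k, v in headers if k == "set-cookie"]
    if not (served_from_cache and cookies):
        return None
    return {
        "x_cache": first("x-cache"),
        "age": first("age"),
        # Record names only so the report never contains another user's cookie value.
        "cookie_names": [c.split("=", 1)[0].strip() for c in cookies],
        "x_amz_cf_id": first("x-amz-cf-id"),    # the value the answer asks for
        "x_amz_cf_pop": first("x-amz-cf-pop"),  # edge location, for regional issues
    }

# Constructed sample responses; every ID, POP code and cookie value is a placeholder.
MISS = """HTTP/2 200
set-cookie: session=PLACEHOLDER-A; Path=/; HttpOnly
x-cache: Miss from cloudfront
x-amz-cf-pop: EXAMPLE-POP
x-amz-cf-id: EXAMPLE-REQUEST-ID-1
"""
HIT_LEAK = """HTTP/2 200
Set-Cookie: session=PLACEHOLDER-A; Path=/; HttpOnly
Age: 12
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: EXAMPLE-POP
X-Amz-Cf-Id: EXAMPLE-REQUEST-ID-2
"""
HIT_CLEAN = "HTTP/2 200\nAge: 12\nX-Cache: Hit from cloudfront\n"

if __name__ == "__main__":
    for label, raw in (("miss", MISS), ("hit+cookie", HIT_LEAK), ("hit", HIT_CLEAN)):
        print(label, audit(raw))
```

A `Miss` with `Set-Cookie` is the origin answering that one viewer; only the cache hit that still carries the header is reported.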
