Re: Cookie handling
On Mon, Apr 20, 2009 at 02:54:33PM +0100, Sam Crawford wrote: > The issue arises when we write our custom definitions of vcl_fetch. If we > find a static URL we'd do some like "remove req.http.cookie" and then > "lookup". However, if the content was not found in memory then it goes to > the backend. But by this point the incoming SSO cookie of the user has been > removed, so their request to the backend is denied. > > So, is there a way to lookup a query in the hashtable *without* cookies, but > then if the request has to go to the backend *keep* the cookies? This is actually the default behavior. By default, only the url and hostname is part of the hash. However, the default vcl also explicitly passes any request with a cookie, which is why stripping the cookie is necessary. If you replicate the behavior you want from the default vcl in your own VCL, then end vcl_recv with lookup with a cookie, the object will be fetched using the cookie, then stored (as long as vcl_fetch allows it to be stored). Keep in mind, however, that any protection is lost, as cached data won't have their cookie confirmed. But I guess you're already aware of that. Hope this can point you in the right direction. -- Kristian Lyngstøl Redpill Linpro AS Tlf: +47 21544179 Mob: +47 99014497 pgpC7VABrMY9l.pgp Description: PGP signature ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc
Cookie handling
Afternoon all, I've been a keen user of Varnish for the past year or so and have just come across a use case that I'm having trouble implementing. I'm familiar with stripping the cookie upon insert and lookup in order to cache cookie-based content, but the following is a slight twist on this. We've got an SSO (single sign-on) service that requires an authentication cookie to be presented for any protected resource. Our current setup (which we're not able to change for a number of reasons) means that every URL under http://portal.company.com/* is SSO protected - including requests for static images, javascript, css, etc. Naturally we'd like to put Varnish in front of this portal to cache static content. The issue arises when we write our custom definitions of vcl_fetch. If we find a static URL we'd do some like "remove req.http.cookie" and then "lookup". However, if the content was not found in memory then it goes to the backend. But by this point the incoming SSO cookie of the user has been removed, so their request to the backend is denied. So, is there a way to lookup a query in the hashtable *without* cookies, but then if the request has to go to the backend *keep* the cookies? I appreciate that this is conceptually not an ideal solution (as we'll be caching another user's permissions to static content, etc etc), but any suggestions would be greatly appreciated. Thanks, Sam ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc