Not quite. We don't unset the cookies in vcl_recv, but we've ensured
that that function ends with "lookup", so we never hit the default
recipe which would otherwise prevent caching if a cookie was set.
Then, we approximately do something like:
sub vcl_fetch {
if (obj.ttl > 0) {
unset obj.http.Set-Cookie;
}
....
}
What this means is that: If the backend thinks the response is
cacheable, then make sure we strip cookies. If it's not cacheable, then
we don't care if cookies are set or not.
Obviously this can't be applied blindly in front of an arbitrary
backend. Fortunately, our backends are running apps completely under
our control, so this isn't a worry.
Rob
David Murphy wrote:
Thanks Rob
We use
req.url ~ "^/admin/"
to identify the admin area of the site and we force Varnish to grab content
from back end and not cache anything if this is part of URL. Works fine for us.
So,for JS personalisation you're unsetting cookies when saving the pages to cache, and then unsetting when serving from cache?
Something like? ...
sub vcl_recv {
if (!req.url ~ "^/admin") {
unset req.http.cookie;
}
//snip
}
sub vcl_fetch {
if (req.url ~ "^/admin") {
unset beresp.http.set-cookie;
}
//snip
}
Best, David
________________________________________
From: Rob S [[email protected]]
Sent: 20 April 2010 16:40
To: David Murphy
Cc: Richard Chiswell; [email protected]
Subject: Re: Cookies - set on non-cached pages, read on all pages
We too operate a Varnish cache + JS for personalisation. Our approach
is as follows:
Normal GET request for normal public pages: unset cookie, serve cached page.
Requests for login page, admin or pages that are more personal than can
be achieved with JS: Make varnish transparent.
This is pretty simple, and works well for us. However, if you're not
able to identify the admin / login areas from the URL, then you might
find this quite hard.
Rob
David Murphy wrote:
Very helpful, thanks.
So the admin cookies are different from the simple JS cookies that provide the 'Hello
<user>' value?
My understanding is that if a page is cached with unique cookie then there will
be an object for every unique cookie value (tom, dick, harry etc) an as a
result we'll get a low hit-rate. However, my guess is that I've misunderstood
how this works, and that I'm wrong :)
Is it just the cookie name ('firstname') that is important rather than the
cookie value ('Tom') when decided whether to unset the cookie on a varnish
cached page?
Thanks, David
________________________________________
From: Richard Chiswell [[email protected]]
Sent: 20 April 2010 16:13
To: David Murphy
Cc: [email protected]
Subject: Re: Cookies - set on non-cached pages, read on all pages
Hi David,
On 20/04/2010 16:08, David Murphy wrote:
Thanks Rich
When you say ignore do you mean unset e.g.
sub vcl_recv {
//snip
unset req.http.cookie;
}
We do something like:
sub vcl_recv {
...
if (req.http.Cookie) {
set req.http.Cookie = ";" req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie,
";(Cookies|WeWantTo|Keep)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie == "") {
remove req.http.Cookie;
}
}
...
}
The Cookies|We... regular expression are for things like admin cookies
which we want to be set.
Rich
_______________________________________________
varnish-misc mailing list
[email protected]
http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
_______________________________________________
varnish-misc mailing list
[email protected]
http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
