On Thu, Aug 26, 2010 at 2:46 PM, James H Thompson <[email protected]> wrote: > I am setting up Varnish as a front end cache for a Mediawiki 1.16 > installation. > I started with the VCL configuration described here: > http://www.mediawiki.org/wiki/Manual:Varnish_caching > Varnish was not hitting its cache for many requests due to Mediawiki > cookies being in the client request. > Varnish VCL checks for cookies like this: > > # Pass requests from logged-in users directly. > if (req.http.Authorization || req.http.Cookie) > {pass;} /* Not cacheable by default */ > > > Digging through the traces and logs I noticed that a client can end up with > Mediawiki cookies without ever having logged into to Mediawiki. > In addtion, Mediawiki does not clear all of its cookies on a logout. > > Visiting a Mediawiki login page without even attempting to login > results in a "mw_session" cookie being set. This results in Varnish > treating all subsequent requests as coming from a logged in user > and ignores the Varnish cache. > > If you login to Mediawiki, the client ends up with these cookies: > > mwUserID= > mwUserName= > mw_session= > > After logging out it looks like: > > mwUserName= > mw_session= > mwLoggedOut= > > So after a logout, the Varnish cache is still ignored. > > Its possible to add checks to the Varnish VCL to ignore the spurious > Mediawiki cookies, but > I'm wondering if others have run into the same issue and how they have > addressed it. >
On my personal site, I changed: if (req.http.Authorization || req.http.Cookie) to: if (req.http.Authorization) Whether or not that is a good idea, I don't know. You may be able to pass on specific cookies as well; a good one to pass on would be the actual authentication cookie. Respectfully, Ryan Lane _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
