Cookie handling

Kristian Lyngstol kristian at redpill-linpro.com
Mon Apr 20 16:07:20 CEST 2009


On Mon, Apr 20, 2009 at 02:54:33PM +0100, Sam Crawford wrote:
> The issue arises when we write our custom definitions of vcl_fetch. If we
> find a static URL we'd do something like "remove req.http.cookie" and then
> "lookup". However, if the content was not found in memory then it goes to
> the backend. But by this point the incoming SSO cookie of the user has been
> removed, so their request to the backend is denied.
> 
> So, is there a way to lookup a query in the hashtable *without* cookies, but
> then if the request has to go to the backend *keep* the cookies?

This is actually the default behavior. By default, only the URL and
hostname are part of the hash. However, the default VCL also explicitly
passes any request with a cookie, which is why stripping the cookie is
necessary.

If you replicate the behavior you want from the default VCL in your own
VCL, then end vcl_recv with lookup with a cookie, the object will be
fetched using the cookie, then stored (as long as vcl_fetch allows it to be
stored). 

Keep in mind, however, that any protection is lost, as cached data won't
have their cookie confirmed. But I guess you're already aware of that.

Hope this can point you in the right direction.

-- 
Kristian Lyngstøl
Redpill Linpro AS
Tlf: +47 21544179
Mob: +47 99014497
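
The flow described in this reply, as an added example that is not part of the original message and is not Varnish code: a simplified Python model of lookup with the cookie left in place, including the loss of protection on cache hits. All names (`Cache`, `default_recv`, `custom_recv`, `backend`) and the sample requests are constructed for illustration; storing only 200 responses is an assumed stand-in for the vcl_fetch decision.

```python
# Simplified model of the cache flow described above; not Varnish code.
# All names (Cache, default_recv, custom_recv, backend) are hypothetical.

def default_recv(req):
    # Default policy: any request carrying a cookie bypasses the cache.
    return "pass" if "cookie" in req else "lookup"

def custom_recv(req):
    # Custom policy: static URLs are looked up with the cookie left in place.
    if req["url"].endswith((".css", ".js", ".png")):
        return "lookup"
    return default_recv(req)

def backend(req):
    # Constructed SSO backend: denies any request without the session cookie.
    if req.get("cookie") != "sso=valid":
        return {"status": 403, "body": "denied"}
    return {"status": 200, "body": "content of " + req["url"]}

class Cache:
    def __init__(self, recv):
        self.recv, self.store, self.backend_hits = recv, {}, 0

    def fetch(self, req):
        self.backend_hits += 1
        return backend(req)  # the cookie is still on the request

    def handle(self, req):
        if self.recv(req) == "pass":
            return self.fetch(req)
        key = (req["host"], req["url"])  # hash: URL and hostname only
        if key not in self.store:
            resp = self.fetch(req)
            if resp["status"] != 200:  # assumed stand-in for vcl_fetch refusing to store
                return resp
            self.store[key] = resp
        return self.store[key]  # a hit is served without checking the cookie

def demo():
    # Constructed sample requests.
    user = {"host": "example.test", "url": "/site.css", "cookie": "sso=valid"}
    anon = {"host": "example.test", "url": "/site.css"}
    cache = Cache(custom_recv)
    miss = cache.handle(user)   # miss: backend sees the cookie and answers
    hit = cache.handle(user)    # hit: served from cache, backend not contacted
    leak = cache.handle(anon)   # hit for a request with no cookie at all
    return miss["status"], hit["status"], leak["status"], cache.backend_hits
```
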