Do I need to unset cookie in vcl_fetch if there is remove req.http.Cookie in vcl_recv?

Cosimo Streppone cosimo at streppone.it
Mon Feb 21 07:20:20 CET 2011


On Fri, 11 Feb 2011 11:48:47 +1100, David Murphy <david at firechaser.com>  
wrote:

> I've been testing removing cookies from images/css/js and am a little
> unclear on the difference between:
>
> //start ==========
>  sub vcl_recv {
>  if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
>        remove req.http.Cookie;
>   }

vcl_recv is run when varnish receives the request from the client.

"req.http.Cookie" is the Cookie header that the client
sends in its request. If you remove that, your backends
won't see any cookies and varnish will, by default, cache the
object.

> sub vcl_fetch {
>  if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
>    unset beresp.http.set-cookie;
>  }

This is vcl_fetch, that, I believe, it's run when
varnish has got the object from the backend already.

"beresp.http.set-cookie" is the Set-Cookie header
of your backend's response, so if you remove it that means
you want to strip any cookies that *your backend* might
want to send to the client.

I'm not sure if you set any cookies when serving images
(someone does), but maybe it's just an additional
"safety measure"?

Hope this helps.

-- 
Cosimo



More information about the varnish-misc mailing list