Strange Issue with cache and logged in users

Guillaume Quintard guillaume at varnish-software.com
Thu May 26 16:28:27 CEST 2016 

Are you able to isolate the faulty request in varnishlog? The one that
should be passed and isn't?

-- 
Guillaume Quintard

On Thu, May 26, 2016 at 4:07 PM, Pinakee BIswas <pinakee at waltzz.com> wrote:

> Further adding the observations with the following scenario:
>
>    1. Visit URL A-not-loggedin
>    2. Visit URL B-not-loggedin
>    3. User logs in
>    4. Visit URL A after logging in - varnish is serving the page -
>    A-not-loggedin
>    5. Visit URL B after logging in - varnish is serving the page
>    B-not-loggedin
>
> This means Varnish is serving the pages just visited (till cache expiry)
> irrespective of the fact that the page is being fetched from backend and
> that there is a pass in vcl_recv.
>
> I am unable to understand the above mentioned behavior - the VCL logic I
> used is simple as mentioned in the mail below.
>
> Regards,
>
> Pinakee
>
> On 26/05/16 6:24 pm, Pinakee BIswas wrote:
>
> Hi,
>
> I am facing a strange problem with Varnish cache. Ours is an ecommerce
> site wherein users can visit with or without logging in. I have written the
> VCL to unset cookies when user not logged in.
>
> The scenario is user logs in and then logs out. When the user logs out,
> Varnish is still delivering logged in pages to the user which is strange as
> the requests for logged in users go all the way to the backend and the
> pages are not supposed to get cached. I have been looking into this since
> quite some time and still not able to figure out the reason.
>
> Would appreciate any help.
>
> Thanks,
>
> Pinakee
>
> PFA the output from varnishlog.
>
> Following is the VCL code:
>
> sub vcl_recv {
>     # Happens before we check if we have this in cache already.
>     #
>     # Typically you clean up the request here, removing cookies you don't
> need,
>     # rewriting the request, etc.
>     set req.backend_hint = uwsgi;
>
>    if (req.method == "GET") {
>         if ((req.http.Cookie !~ "sessionid=") &&
>             (req.http.Cookie !~ "loggedin_user=") &&
>             (req.url !~ "^/esi")) {
>                 unset req.http.cookie; # strip the cookies - we don't need
> them
>         }
>     }
> }
>
> sub vcl_backend_response {
>     # Happens after we have read the response headers from the backend.
>     #
>     # Here you clean the response headers, removing silly Set-Cookie
> headers
>     # and other mistakes your backend does.
>     if (bereq.method == "GET") {
>                 set beresp.do_esi = true;
>         if ((beresp.http.Set-Cookie !~ "jivaana_user=") &&
>                 (beresp.http.Set-Cookie !~ "sessionid=") &&
>                 (bereq.http.Cookie !~ "sessionid=") &&
>                 (bereq.http.Cookie !~ "jivaana_user=") &&
>                 (bereq.url !~ "^/product/addtobasket")) {
>                 #unset beresp.http.Set-Cookie;
>                 set beresp.uncacheable = false;
>                 return(deliver);
>         }
>     }
> }
>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160526/2e52989d/attachment.html>

More information about the varnish-misc mailing list