caching of request with cookies

Stewart Robinson stewsnooze at gmail.com
Thu Sep 23 11:22:55 CEST 2010 

Whilst I don't think Varnish should change the default behaviour
because most sites use cookies to pass around session based
information which evolved after the http spec was written I think you
would probably just add the cookie to your vcl_hash function and

change this in vcl_recv
     if (req.http.Authorization || req.http.Cookie) {
         /* Not cacheable by default */
         return (pass);
    }

to
     if (req.http.Authorization) {
         /* Not cacheable by default */
         return (pass);
    }

Perhaps your vcl_hash could have this appended to it

     if (req.http.Cookie) {
         set req.hash += req.http.Cookie;
     }

I haven't tried this but I don't see why you wouldn't have individual
cache entries for each cookie combo. I think this would flood your
cache if you use the cookie for session info, but if you just keep
simple values in cookies then this should be fine.

Stewart Robinson
fullfatthings.com/


On 23 September 2010 09:59, Harm Verhagen <harm.verhagen at gmail.com> wrote:
> Hi,
>
> I noticed that varnish out of the box doesn't cache requests that carry a
> cookie.
>
> This seems a bit too conservative to me.
> According to the http specs the mere existence of a cookie should not
> influence cachebility.  In the content of the response depends on the
> cookie, the server should tell in the response that the contents are not
> cacheble.
> The Vary: Cookie header  exists for that reason, no ?
>
> In the current default configuration if you put varnish in front of a
> 'well-behaving' (as in "adding all the required caching related http
> headers")  website.  Most cacheble content does _not_ get cached. Unless you
> do some non obvious (to me :) ) configuration of varnish.
>
> What are the thoughts on this list about moving the default varnish
> configuration closer to the http specification, regarding caching of request
> where the client sends a cookie (and probably leading to problems on
> websites that do _not_ use http headers correctly)
>
> That said,
> Does anyone has a pointer to a varnish configuration that does the thing I
> described above.  I don't mean an example where vanish just strips off
> cookies of  images/js/css files  request. (I found plenty examples of that
> scenario) But leaving cookies as is, but just look at the responses to
> decide if the content should be cached or not. So that varnish can
> selectively cache html pages based on their response, where all requests
> potentially have cookies).
>
>
> Mvg,
> Harm Verhagen
>
> _______________________________________________
> varnish-dev mailing list
> varnish-dev at varnish-cache.org
> http://lists.varnish-cache.org/mailman/listinfo/varnish-dev
>

More information about the varnish-dev mailing list