Cookie Normalization

Kyle Morgan kylem at cavecreek.net
Tue Sep 18 15:00:43 CEST 2012


I'm writing in reference to the blog post: https://www.varnish-software.com/blog/validating-cookies-varnish.

We've been attempting to configure content caching for a paid members area on a client's site. The content does not change per member, but our implementation is creating separate caches for each authenticated user.

Is there a way to normalize the cookie for authenticated users so that only 1 cache is created for all members? So far, our trial/error allows anyone (authenticated or not) to view the cached contents once any content from the members area is cached. Below is the relevant contents of .vcl:

   # Piped Directly to the webserver
   if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
        # return (pipe);
        unset req.http.cookie;
   }

   # if labeled fja or auth pass through to backend
   if (req.http.Cookie ~ "(auth|fja)") { return (pipe); }

   # if labeled userdata or concept pass to cache
   if (req.http.Cookie ~ "(userdata|concept)") { return (lookup); }

   #KyleM bypass cookies from #######
   if (req.http.host ~ "^messages\.#########\.com$") { return (pass); }

   set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "");
   set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__atu.=[^;]+;? *", "");
   set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *OA.*=[^;]+;? *", "");
   #set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *fja=[^;]+;? *", "fja=member");

   if (req.http.cookie ~ "^ *$") {
        remove req.http.cookie;
   }

   return(lookup);

}

sub vcl_hash {    hash_data(req.http.cookie);   }

sub vcl_pass {

    if (req.http.Authorization) {
        return(pass);
    }
}

sub vcl_fetch {
    unset beresp.http.Server;
    set beresp.http.Server = "#####";
    set beresp.grace = 30s;

Any help is greatly appreciated.

Thanks!

Kyle M.
kylem at cavecreek.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20120918/0c2f1ca5/attachment.html>


More information about the varnish-dev mailing list