Cookie Normalization
Laurence Rowe
l at lrowe.co.uk
Wed Sep 19 21:50:46 CEST 2012
On 18 September 2012 14:00, Kyle Morgan <kylem at cavecreek.net> wrote:
> I'm writing in reference to the blog post:
> https://www.varnish-software.com/blog/validating-cookies-varnish.
>
>
>
> We've been attempting to configure content caching for a paid members area
> on a client's site. The content does not change per member, but our
> implementation is creating separate caches for each authenticated user.
>
>
>
> Is there a way to normalize the cookie for authenticated users so that only
> 1 cache is created for all members? So far, our trial/error allows anyone
> (authenticated or not) to view the cached contents once any content from the
> members area is cached. Below is the relevant contents of .vcl:
Your email should really be directed to varnish-misc, but my approach
here would be to leave the hash alone and add a Vary based on a
request header recording if a user is anonymous or logged in. This is
for the inverse use case, but something like it should work:
sub vcl_recv {
if (!(req.http.Authorization || req.http.cookie ~ "(^|; )__ac=")) {
set req.http.X-Anonymous = "true";
}
}
sub vcl_fetch {
if (!req.http.X-Anonymous && !beresp.http.Cache-Control ~ "public") {
return(pass);
}
if (!beresp.http.Cache-Control ~ "public") {
set beresp.http.Vary = "X-Anonymous";
}
}
Laurence
More information about the varnish-dev
mailing list