PRIV_REQ/SESS in vcl_backend_*

Dag Haavi Finstad daghf at varnish-software.com
Thu Nov 20 09:07:17 CET 2014


Hi

Here's a suggestion (and a set of patches) for what PRIV_REQ/SESS
could look like in vcl_backend_*, mostly based around IRC discussion.

The idea is to make PRIV_REQ available also in vcl_backend_*, and then
give a separate priv object from the one used on the client side.
Realizing this could lead to confusion, it was suggested to rename it
PRIV_XID. The priv object will however survive a VCL restart/retry, so
the name is not completely honest in that it is not restricted to a
single XID. I think this is the behavior that makes the most sense,
but I'm not super excited about the name.

A second point is regarding PRIV_SESS. A concern with PRIV_SESS is
that the remote Varnish is talking to very often tends to be not the
client itself, but rather a load balancer dispatching requests from a
bunch of clients over the same persistent connections. So if you were
to introduce a priv_sess vmod that handles some sort of client state
in such a scenario, you will very quickly shoot yourself in the foot
and leak state across clients unless you know what you are doing. I
think the problems solved by PRIV_SESS are typically solved much safer
via PRIV_REQ.

A point brought up by Tollef on IRC is that PRIV_SESS lets you share
state between a request and its ESI subrequests, something that has
legitimate use cases. Patch #5 (attached) drops PRIV_SESS and
introduces PRIV_ESI, which restricts the scope to a request and its
client-side subrequests.

Feedback/comments/complaints very welcome. :-)

regards,
Dag

-- 
Dag Haavi Finstad
Software Developer | Varnish Software
Mobile: +47 476 64 134
We Make Websites Fly!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-a-test-case-for-using-PRIV_-in-an-ESI-context-an.patch
Type: text/x-patch
Size: 2191 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20141120/a11b6276/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-PRIV_REQ-PRIV_XID.-Renamed-to-make-the-situation-les.patch
Type: text/x-patch
Size: 5662 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20141120/a11b6276/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Make-the-VRTPRIV_-interface-slightly-more-generic-to.patch
Type: text/x-patch
Size: 6688 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20141120/a11b6276/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Introduce-PRIV_-XID-SESS-in-vcl_backend_.patch
Type: text/x-patch
Size: 5058 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20141120/a11b6276/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Drop-PRIV_SESS-and-welcome-PRIV_ESI.-Unlike-PRIV_SES.patch
Type: text/x-patch
Size: 8249 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20141120/a11b6276/attachment-0009.bin>


More information about the varnish-dev mailing list