Tomcat, Session objects and caching (most) URIs

Torstein Krause Johansen torstein at
Wed May 28 14:10:08 CEST 2008

Hi all,

I'm using Varnish 1.1.2 together with Tomcat 5.5.x as backend and I've 
got some questions regarding caching and the Java Session object.

When receiving a request, Tomcat always sets a Cookie for storing the 
Java Session object (JSESSIONID). Because of this, no pages returned 
from Tomcat are cached in Varnish with the default configuration.

I do understand the rationale behind this, but since Tomcat _always_ 
sets the cookie in order to supply the Session object (a part of the 
J2EE spec I believe), I have to find a way to cache (most of) these 

One workaround is to remove the Set-Cookie header in the Tomcat reply 
before Varnish treats it:

   vcl_fetch() {
     if (obj.http.Set-Cookie) {
       remove obj.http.Set-Cookie;

Now, as long as noone in any Java application running in the servlet 
container uses the Java Session object, this works fine. However, what's 
the prefered way of doing this, /if/ we want to use the  Session object 
for /some/ URIs?

Is it possible to add an additional test to the vcl_fetch block above to 
not remofve the header, if the URI is either starting with e.g. "/login" 
or "/register" ?

Another workaround I can think of would be to insert all requests with 
Cookies in their headers.

What is the preferred way of solving this problem?


Torstein Krause Johansen
Senior consultant
mobile: +47 97 01 76 04
Escenic - platform for innovation

More information about the varnish-misc mailing list