Cookies - set on non-cached pages, read on all pages

Rob S rtshilston at gmail.com
Tue Apr 20 17:40:13 CEST 2010 

We too operate a Varnish cache + JS for personalisation.  Our approach 
is as follows:

Normal GET request for normal public pages: unset cookie, serve cached page.
Requests for login page, admin or pages that are more personal than can 
be achieved with JS: Make varnish transparent.

This is pretty simple, and works well for us.  However, if you're not 
able to identify the admin / login areas from the URL, then you might 
find this quite hard.


Rob



David Murphy wrote:
> Very helpful, thanks.
>
> So the admin cookies are different from the simple JS cookies that provide the 'Hello <user>' value? 
>
> My understanding is that if a page is cached with unique cookie then there will be an object for every unique cookie value (tom, dick, harry etc) an as a result we'll get a low hit-rate. However, my guess is that I've misunderstood how this works, and that I'm wrong :) 
>
> Is it just the cookie name ('firstname') that is important rather than the cookie value ('Tom') when decided whether to unset the cookie on a varnish cached page?
>
> Thanks, David
> ________________________________________
> From: Richard Chiswell [richard.chiswell at mangahigh.com]
> Sent: 20 April 2010 16:13
> To: David Murphy
> Cc: varnish-misc at varnish-cache.org
> Subject: Re: Cookies - set on non-cached pages, read on all pages
>
> Hi David,
>
> On 20/04/2010 16:08, David Murphy wrote:
>   
>> Thanks Rich
>>
>> When you say ignore  do you mean unset e.g.
>>
>> sub vcl_recv {
>>     //snip
>>    unset req.http.cookie;
>> }
>>
>>     
> We do something like:
> sub vcl_recv {
> ...
> if (req.http.Cookie) {
>       set req.http.Cookie = ";" req.http.Cookie;
>       set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
>       set req.http.Cookie = regsuball(req.http.Cookie,
> ";(Cookies|WeWantTo|Keep)=", "; \1=");
>       set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
>       set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
>     if (req.http.Cookie == "") {
>          remove req.http.Cookie;
>      }
> }
> ...
> }
>
> The Cookies|We... regular expression are for things like admin cookies
> which we want to be set.
>
> Rich
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
>

More information about the varnish-misc mailing list