Cookies - set on non-cached pages, read on all pages
Rob S
rtshilston at gmail.com
Tue Apr 20 18:08:52 CEST 2010
Not quite. We don't unset the cookies in vcl_recv, but we've ensured
that that function ends with "lookup", so we never hit the default
recipe which would otherwise prevent caching if a cookie was set.
Then, we approximately do something like:
sub vcl_fetch {
if (obj.ttl > 0) {
unset obj.http.Set-Cookie;
}
....
}
What this means is that: If the backend thinks the response is
cacheable, then make sure we strip cookies. If it's not cacheable, then
we don't care if cookies are set or not.
Obviously this can't be applied blindly in front of an arbitrary
backend. Fortunately, our backends are running apps completely under
our control, so this isn't a worry.
Rob
David Murphy wrote:
> Thanks Rob
>
> We use
>
> req.url ~ "^/admin/"
>
> to identify the admin area of the site and we force Varnish to grab content from back end and not cache anything if this is part of URL. Works fine for us.
>
> So,for JS personalisation you're unsetting cookies when saving the pages to cache, and then unsetting when serving from cache?
>
> Something like? ...
>
> sub vcl_recv {
> if (!req.url ~ "^/admin") {
> unset req.http.cookie;
> }
> //snip
> }
>
> sub vcl_fetch {
> if (req.url ~ "^/admin") {
> unset beresp.http.set-cookie;
> }
> //snip
> }
>
>
> Best, David
>
> ________________________________________
> From: Rob S [rtshilston at gmail.com]
> Sent: 20 April 2010 16:40
> To: David Murphy
> Cc: Richard Chiswell; varnish-misc at varnish-cache.org
> Subject: Re: Cookies - set on non-cached pages, read on all pages
>
> We too operate a Varnish cache + JS for personalisation. Our approach
> is as follows:
>
> Normal GET request for normal public pages: unset cookie, serve cached page.
> Requests for login page, admin or pages that are more personal than can
> be achieved with JS: Make varnish transparent.
>
> This is pretty simple, and works well for us. However, if you're not
> able to identify the admin / login areas from the URL, then you might
> find this quite hard.
>
>
> Rob
>
>
>
> David Murphy wrote:
>
>> Very helpful, thanks.
>>
>> So the admin cookies are different from the simple JS cookies that provide the 'Hello <user>' value?
>>
>> My understanding is that if a page is cached with unique cookie then there will be an object for every unique cookie value (tom, dick, harry etc) an as a result we'll get a low hit-rate. However, my guess is that I've misunderstood how this works, and that I'm wrong :)
>>
>> Is it just the cookie name ('firstname') that is important rather than the cookie value ('Tom') when decided whether to unset the cookie on a varnish cached page?
>>
>> Thanks, David
>> ________________________________________
>> From: Richard Chiswell [richard.chiswell at mangahigh.com]
>> Sent: 20 April 2010 16:13
>> To: David Murphy
>> Cc: varnish-misc at varnish-cache.org
>> Subject: Re: Cookies - set on non-cached pages, read on all pages
>>
>> Hi David,
>>
>> On 20/04/2010 16:08, David Murphy wrote:
>>
>>
>>> Thanks Rich
>>>
>>> When you say ignore do you mean unset e.g.
>>>
>>> sub vcl_recv {
>>> //snip
>>> unset req.http.cookie;
>>> }
>>>
>>>
>>>
>> We do something like:
>> sub vcl_recv {
>> ...
>> if (req.http.Cookie) {
>> set req.http.Cookie = ";" req.http.Cookie;
>> set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
>> set req.http.Cookie = regsuball(req.http.Cookie,
>> ";(Cookies|WeWantTo|Keep)=", "; \1=");
>> set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
>> set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
>> if (req.http.Cookie == "") {
>> remove req.http.Cookie;
>> }
>> }
>> ...
>> }
>>
>> The Cookies|We... regular expression are for things like admin cookies
>> which we want to be set.
>>
>> Rich
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
>>
>>
>
>
More information about the varnish-misc
mailing list