neverending saga of varnish + joomla

Kevin k at
Fri Aug 12 05:58:27 CEST 2011

> If a cookie is present in the client request, Varnish will automatically pass the request to the backend (unless you've tinkered in vcl_recv).

> 1. req index.html, no cookies present
> 2. Varnish: hit, strip set-cookie


The whole problem, from my understanding with Joomla, is that the cookie is set before you log in. Joomla establishes the cookie session with every anonymous user. The intention (from what I've read) is to avoid any session hijacking by establishing the session cookie (in Joomla's case it's a random hash cookie name) right off the bat.

What I was trying to explain, in my post, was to dynamically restrict the anonymous session setting to the login page only, and then have Joomla continually send the headers reminding Varnish to not cache any subsequent pages, if the user logs in and then starts to browse pages that would normally have cookies stripped + cached.

Does this make sense?

I'd love to hear alternative ways of accomplishing this with Joomla specifically, or even with other CMSs that handle sessions similarly.



More information about the varnish-misc mailing list
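
One way to express the approach discussed in this message as Varnish configuration, added here as an example and not taken from the original post or the thread. It assumes VCL 4.0 syntax, a backend on 127.0.0.1:8080, Joomla login and admin URLs matching the patterns shown, and a hypothetical `X-Logged-In` response header that a Joomla plugin would send for authenticated sessions.

```vcl
vcl 4.0;

backend default {
    .host = "127.0.0.1";   # assumed backend address
    .port = "8080";        # assumed backend port
}

sub vcl_recv {
    # Login and admin paths (assumed URL patterns): never cached, so Joomla
    # can create the session and its Set-Cookie reaches the browser.
    if (req.url ~ "^/administrator" || req.url ~ "[?&]view=login") {
        return (pass);
    }
    # Everything else falls through to the built-in vcl_recv, which passes
    # any request that carries a Cookie header, i.e. every request from a
    # user who already received the session cookie on the login page.
}

sub vcl_backend_response {
    # Fetches for passed requests (login page, users with a session):
    # deliver untouched, Set-Cookie included, and store nothing.
    if (bereq.uncacheable) {
        return (deliver);
    }

    # Safety net: the backend marks the response as personalised. Keep it
    # out of the cache even though the request arrived without a cookie.
    # X-Logged-In is a hypothetical header, not something Joomla sends
    # by default.
    if (beresp.http.X-Logged-In ||
        beresp.http.Cache-Control ~ "(?i)private|no-store") {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;   # remember the decision (hit-for-pass)
        return (deliver);
    }

    # Anonymous page: drop the session cookie before the object is stored,
    # so no visitor is ever handed a cached Set-Cookie belonging to
    # someone else, and anonymous visitors stay cookieless and cacheable.
    unset beresp.http.Set-Cookie;
    set beresp.ttl = 5m;         # assumed TTL for anonymous pages
    return (deliver);
}
```

The `unset beresp.http.Set-Cookie` line is the security-relevant one: a response cached with its `Set-Cookie` header intact would hand the same session identifier to every visitor served from that object.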