Session issues when using Varnish

Chris Bloom chrisbloom7 at gmail.com
Wed Mar 16 14:58:39 CET 2011 

I have been investigating an issue on a client's website that is very
peculiar. I have verified that the behavior is due to the instance of
Varnish that Rackspace configured for us. However, I'm not sure if this
constitutes a bug in Varnish or a configuration error. I'm hoping someone
can verify it for me one way or the other.

Here is the scenario: Some of our PHP pages are protected by way of
verifying that certain session variables are set. If not, the user is sent
to the login page. We have observed that on URLs in which there is a
querystring, and when the last value of that querystring ends in ".jpg",
".jpeg", ".gif", or ".png", and when we have an iptable rule that routes
requests from port 80 to Varnish, the session is reset completely. Oddly
enough, no other extension seems to have this affect. I have recreated this
behavior in a clean PHP file, which I've attached. You can test this script
on your own using the following URLs. The ones marked with the * are where
the session gets reset.

http://localhost/test_cdb.php
http://localhost/test_cdb.php?foo=1
http://localhost/test_cdb.php?foo=1&baz=bix
http://localhost/test_cdb.php?foo=1&baz=bix.far
http://localhost/test_cdb.php?foo=1&baz=bix.far.jpg *
http://localhost/test_cdb.php?foo=1&baz=bix.fur
http://localhost/test_cdb.php?foo=1&baz=bix.gif *
http://localhost/test_cdb.php?foo=1&baz=bix.bmp
http://localhost/test_cdb.php?foo=1&baz=bix.php
http://localhost/test_cdb.php?foo=1&baz=bix.exe
http://localhost/test_cdb.php?foo=1&baz=bix.tar
http://localhost/test_cdb.php?foo=1&baz=bix.jpeg *

Here is the rule we created for iptables

-A PREROUTING -t nat -d x.x.x.128 -p tcp -m tcp --dport 80 -j DNAT
--to-destination x.x.x.128:6081

Chris Bloom
Internet Application Developer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20110316/5ce575c3/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_cdb.php
Type: application/x-httpd-php
Size: 721 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20110316/5ce575c3/attachment-0003.php>

More information about the varnish-misc mailing list