question on the cookies and varnish

James Light j.gareth.light at
Wed Mar 28 20:25:34 CEST 2012

2012/3/28 Alexandre Priou <apriou at>:
> thank at all
> i try that
> best regard
> 2012/3/28 Roberto O. Fernández Crisial <roberto.fernandezcrisial at>
>> Hi Alexandre,
>> You could use something on vcl_recv() like:
>> if (req.http.Cookie ~ "PHPSESSID")
>> {
>> remove req.http.Cookie;
>> }
>> Regards,
>> Roberto (a.k.a. @rofc)
>> On Wed, Mar 28, 2012 at 3:08 PM, Alexandre Priou <apriou at> wrote:
>>> hi at all
>>> I need to erase all cookies in varnish conf except the cookie with name :
>>> how i can to do that ?
>>> thank for your answer
>>> --
>>> Alexandre Priou
>>> Analyste Concepteur Web

Um, no. That's not going to work as most user agents will pass ALL of
the cookies in one single "Cookie:" header.
That VCL above says "If there's the string "PHPSESSID" in the HTTP
headers of the client request, remove that entire header.

What you asked was how to remove every *other* cookie *except* PHPSESSID.

There is an example of how to do that on the  varnish site here:

Personally, I prefer a different way, which amounts to:
    * extract the PHPSESSID into a different header
    * unset the entire Cookie Header
    * add back only the PHPSESSID as the Cookie header

A reminder that VCL has PCRE (perl compat regexes), so you can look up
those as needed and go at it.
Hope that helps.


More information about the varnish-misc mailing list