Fwd: question on the cookies and varnish

James Light j.gareth.light at gmail.com
Wed Mar 28 22:35:57 CEST 2012

On Wed, Mar 28, 2012 at 4:04 PM, Per Buer <perbu at varnish-software.com>wrote:

> On Wed, Mar 28, 2012 at 8:25 PM, James Light <j.gareth.light at gmail.com>wrote:
>> What you asked was how to remove every *other* cookie *except* PHPSESSID.
>> There is an example of how to do that on the  varnish site here:
>> https://www.varnish-cache.org/docs/3.0/tutorial/cookies.html
>> Personally, I prefer a different way, which amounts to:
>>    * extract the PHPSESSID into a different header
>>    * unset the entire Cookie Header
>>    * add back only the PHPSESSID as the Cookie header
> Thats quite a neat way to do it. Could you send me the VCL for this? It
> might be a good example for the docs. The current example is rather horrid.
> --
> Per Buer
> Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
> *Varnish makes websites fly!*
> Whitepapers <http://www.varnish-software.com/whitepapers> | Video<http://www.youtube.com/watch?v=x7t2Sp174eI> |
> Twitter <https://twitter.com/varnishsoftware>
I've adapted this off the cuff from what I have internally currently where
I'm working. I have not done extensive testing on this as it is simply an
adaptation of what I actually do in our vcl code. Let me know any problems
that I have overlooked.

This attempts to match a PHPSESSID that is one or more ASCII alphanumeric
character. I'm not a PHP developer, I just asked the PHP guy if I can
always expect that the PHPSESSID will consist of only alphanumerics and he
said yes it will.

This will not work for a cookie that has a string that contains characters
that are not ASCII alphanumerics. I'm not sure if rfc2616 has any
restrictions on the Character Encoding for Cookies, so I can't guarantee
that this will work in all cases and I currently don't have the time to
look into the spec to make sure that what I'm giving doesn't totally suck.

Basically, I'm just posting this here because you asked me to, I don't
claim to be an expert in anything except persistence.

sub vcl_recv {

        # save the original cookie header so we can mangle it
        set req.http.X-Varnish-PHP_SID = req.http.Cookie;

        # using a capturing sub pattern, extract the continuous string of
alphanumerics that immediately follows "PHPSESSID="
        set req.http.X-Varnish-PHP_SID =
regsuball(req.http.X-Varnish-PHP_SID, ";? ?PHPSESSID=([a-zA-Z0-9]+)( |;|

        set req.http.Cookie = req.X-Varnish-PHP_SID;

        remove req.X-Varnish-PHP_SID;


Hope this helps.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20120328/b094f02c/attachment.html>

More information about the varnish-misc mailing list