can't log into website cached by varnish

Tim Dunphy bluethundr at gmail.com
Fri Nov 28 20:41:47 CET 2014 

Hey all,

I had a little trouble getting my website cached, because it had been
generating some cookie headers. And with a little assistance from Thierry i
was able to get the site cached by adding this directive to my vcl_recv:

if (req.http.host ~ "^www\.ref\.mydomain\.com$") {
                unset req.http.Cookie;
        }


I was pretty happy to get that worked out! Now that the site is being
cached, I can't seem to login to a user account on the site.

Just to explain, I have two URLs that I use for the site.

www.ref.mydomaincom <http://www.ref.jokefire.com/> < -- on varnish cache
and CloudFlare CDN
ref.mydomain.com <http://ref.jokefire.com/>         <-- No varnish cache
and no CDN.

And on the non-cached version of the site you can log into the site no
problem. Using either a combination of username and password, or one of 3
social media accounts: facebook, twitter and OpenID.

But on the cached version of the site NONE of the login methods work.

This is what I'm seeing in varnishlog when I do try to to login using a
username and password:

11 TxURL        b /login.php

   11 TxHeader     b Host: www.ref.mydomain.com

   11 TxHeader     b Accept-Encoding: gzip

   11 TxHeader     b CF-IPCountry: US

   11 TxHeader     b CF-RAY: 1908f5f305c8077f-EWR

   11 TxHeader     b Content-Length: 53

   11 TxHeader     b X-Forwarded-Proto: http

   11 TxHeader     b CF-Visitor: {"scheme":"http"}

   11 TxHeader     b Cache-Control: max-age=0

   11 TxHeader     b Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

   11 TxHeader     b Origin: http://www.ref.mydomain.com

   11 TxHeader     b User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X
10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65
Safari/537.36

   11 TxHeader     b Content-Type: application/x-www-form-urlencoded

   11 TxHeader     b Referer: http://www.ref.mydomain.com/login.php

   11 TxHeader     b Accept-Language: en-US,en;q=0.8

   11 TxHeader     b Cookie:
__cfduid=d07324cb105a1c34117d52115ae70ddcf1417040066;
fbm_442804139174102=base_domain=.ref.mydomain.com;
PHPSESSID=17t21a46oi3di94sloj4fsso67; cc_log

gedin=0;
fbsr_442804139174102=tlAgWJk4s6LiX-f3uiFQxNnw5ZuqEDSikL4f5D6K26Y.eyJhbGdvcml0aG0iOiJITUFD

   11 TxHeader     b CF-Connecting-IP: 10.10.10.5

   11 TxHeader     b True-Client-IP: 0

   11 TxHeader     b X-Forwarded-For: 10.10.10.5 , 10.10.10.6

   11 TxHeader     b X-Varnish: 380032761

   11 RxHeader     b Date: Fri, 28 Nov 2014 19:27:03 GMT

   11 RxHeader     b Server: Apache/2.2.15 (CentOS)

   11 RxHeader     b X-Powered-By: PHP/5.6.3

   11 RxHeader     b Expires: Thu, 19 Nov 1981 08:52:00 GMT

   11 RxHeader     b Cache-Control: no-store, no-cache, must-revalidate,
post-check=0, pre-check=0

   11 RxHeader     b Location: index.php

   11 RxHeader     b Transfer-Encoding: chunked

   11 RxHeader     b Content-Type: text/html; charset=UTF-8

   10 TxHeader     c Server: Apache/2.2.15 (CentOS)

   10 TxHeader     c X-Powered-By: PHP/5.6.3

   10 TxHeader     c Expires: Thu, 19 Nov 1981 08:52:00 GMT

   10 TxHeader     c Cache-Control: no-store, no-cache, must-revalidate,
post-check=0, pre-check=0

   10 TxHeader     c Location: index.php

   10 TxHeader     c Content-Type: text/html; charset=UTF-8

   10 TxHeader     c Content-Length: 8249

   10 TxHeader     c Accept-Ranges: bytes

   10 TxHeader     c Date: Fri, 28 Nov 2014 19:27:03 GMT

   10 TxHeader     c X-Varnish: 380032761

   10 TxHeader     c Age: 0

   10 TxHeader     c Via: 1.1 varnish

   10 TxHeader     c Connection: close

   10 TxHeader     c X-Cache: MISS

What I've done to try to correct the problem was to add the following to my
vcl_recv:

 if ( req.url ~ "^/login.php$") {
        return(pass);
    }

Thinking that if it was the caching of the site that was preventing me from
logging in, that excluding the login URL from the cache with the above
statement could potentially correct the problem. But adding that statement
didn't make a difference. And I'm still unable to log into the site.

I'll include my full VCL as an attachment, in case that might yield any
clues.

I'd really appreciate any advice that you might have!

Thanks
Tim


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20141128/ecd1bb34/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: default.vcl
Type: application/octet-stream
Size: 2903 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20141128/ecd1bb34/attachment.obj>

More information about the varnish-misc mailing list