Doubt regarding ESI and Set-Cookie

[Pinakee BIswas]

Hi,

We are using varnish in our production. I have a doubt regarding ESI:

In web page, there is esi as follows:

/main.html

<HTML code>

...................

<esi:include src="/esi-url">

..............

<HTML code>

In the above code, the varnish VCL is as follows:

sub vcl_recv {

    if (req.method == "GET") {
         if ((req.url !~ "^/esi-url") &&
                 unset req.http.cookie; # strip the cookies - we don't 
need them
         }
     }
}

sub vcl_backend_response {
     if (bereq.method == "GET") {
         set beresp.do_esi = true;
         if ((bereq.url !~ "^/esi-url") && {
                 unset beresp.http.Set-Cookie;
         }
     }
}

When browser sends a HTTP request for main.html to varnish, varnish 
delivers the non-ESI portion from cache and fetches the esi-url from 
backend. Now for esi-url, backend sets csrf-token in Set-Cookie.

My query is : Will varnish pass on the Set-Cookie in HTTP response?

I couldn't see it in my setup. Varnish is not passing the Set-Cookie in 
HTTP response to the Browser. Is there a way for Varnish to pass the 
Set-Cookie in ESI response?

The esi portion could be a form  containing a csrf token.

Would appreciate clarifications on the above...

Thanks,

Pinakee