Strange Issue with cache and logged in users

Thu May 26 16:07:02 CEST 2016

Further adding the observations with the following scenario:

 1. Visit URL A-not-loggedin
 2. Visit URL B-not-loggedin
 3. User logs in
 4. Visit URL A after logging in - varnish is serving the page -
    A-not-loggedin
 5. Visit URL B after logging in - varnish is serving the page
    B-not-loggedin

This means Varnish is serving the pages just visited (till cache expiry) 
irrespective of the fact that the page is being fetched from backend and 
that there is a pass in vcl_recv.

I am unable to understand the above mentioned behavior - the VCL logic I 
used is simple as mentioned in the mail below.

Regards,

Pinakee

On 26/05/16 6:24 pm, Pinakee BIswas wrote:
> Hi,
>
> I am facing a strange problem with Varnish cache. Ours is an ecommerce 
> site wherein users can visit with or without logging in. I have 
> written the VCL to unset cookies when user not logged in.
>
> The scenario is user logs in and then logs out. When the user logs 
> out, Varnish is still delivering logged in pages to the user which is 
> strange as the requests for logged in users go all the way to the 
> backend and the pages are not supposed to get cached. I have been 
> looking into this since quite some time and still not able to figure 
> out the reason.
>
> Would appreciate any help.
>
> Thanks,
>
> Pinakee
>
> PFA the output from varnishlog.
>
> Following is the VCL code:
>
> sub vcl_recv {
>     # Happens before we check if we have this in cache already.
>     #
>     # Typically you clean up the request here, removing cookies you 
> don't need,
>     # rewriting the request, etc.
>     set req.backend_hint = uwsgi;
>
>    if (req.method == "GET") {
>         if ((req.http.Cookie !~ "sessionid=") &&
>             (req.http.Cookie !~ "loggedin_user=") &&
>             (req.url !~ "^/esi")) {
>                 unset req.http.cookie; # strip the cookies - we don't 
> need them
>         }
>     }
> }
>
> sub vcl_backend_response {
>     # Happens after we have read the response headers from the backend.
>     #
>     # Here you clean the response headers, removing silly Set-Cookie 
> headers
>     # and other mistakes your backend does.
>     if (bereq.method == "GET") {
>                 set beresp.do_esi = true;
>         if ((beresp.http.Set-Cookie !~ "jivaana_user=") &&
>                 (beresp.http.Set-Cookie !~ "sessionid=") &&
>                 (bereq.http.Cookie !~ "sessionid=") &&
>                 (bereq.http.Cookie !~ "jivaana_user=") &&
>                 (bereq.url !~ "^/product/addtobasket")) {
>                 #unset beresp.http.Set-Cookie;
>                 set beresp.uncacheable = false;
>                 return(deliver);
>         }
>     }
> }
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160526/c64d16d5/attachment.html>