varnish caching with jsessionid being set

Dridi Boukelmoune dridi at
Fri Mar 24 10:18:19 CET 2017

On Wed, Mar 22, 2017 at 4:28 PM, Guillaume Quintard
<guillaume at> wrote:
> Sure, you can override them:
> set vcl_backend_response {
>     set beresp.ttl = 5m;
> }

Hello Jim,

This kind of "yes you can" should always come with a mandatory
"but you shouldn't" :)

C allows you to easily shoot yourself in the foot, C++ too but it will
blow off your whole leg. Those are well known facts.

It is the same for VCL: it allows you to shoot yourself in the foot,
blow off your leg, and leak sensitive information. That is true
with any caching solution that allows you to overrule the origin
server. And that applies to any origin server that doesn't do
proper caching.

If you're backend isn't good at conveying caching intent, fix the
backend. Otherwise how can you know when you (and I quote)
"ignore the caching headers" that you aren't caching something

Know what thou art doing and proceed with care.


More information about the varnish-misc mailing list