Stuck with cookies and phpsessid

Christopher Edwards Christopher at hippomotorgroup.co.uk
Wed Sep 20 09:47:13 UTC 2017


When a user tries to upload content via our CMS, we're getting a incorrect permissions due to PHPSESSID not being sent.
Here is my current vcl file, what would I have to change to resolve the PHPSESSID error?
As an alternative to resolving this issue (not ideal) set a section of the site to not be cached by varnish but I'm also not sure of how to do that.
vcl 4.0;
import directors;
import std;

backend site1 {
    .host = "127.0.0.1";
    .port = "8080";
}

backend site2 {
    .host = "127.0.0.1";
    .port = "8081";
}

backend site3 {
    .host = "127.0.0.1";
    .port = "8082";
}

acl purge {
    "localhost";
    "127.0.0.1";
}


sub vcl_recv {
    # SINGLE BACKEND
#        set req.backend_hint= default;
if (req.http.host == "www.site2.co.uk") {
        set req.backend_hint = site2;
    }
    else if (req.http.host == "www.site3.co.uk") {
        set req.backend_hint = site3;
    }
    else if (req.http.host == "site1.site2.co.uk") {
        set req.backend_hint = site1;
    }
    else {
        return (synth(404, "Host not found"));
    }

        # SET HTTP HEADERS
        set req.http.X-Forwarded-For = client.ip;
        set req.http.X-Forwarded-Proto = "https";

        # REMOVE HEADERS THAT MIGHT DUPLICATE CACHE
        unset req.http.Accept-Language;
        unset req.http.User-Agent;

    # PURGE
        if (req.method == "PURGE") {
            if (!client.ip ~ purge) {
              return(synth(405,"Not allowed."));
            }
            return (purge);
        }
        if ( std.port(server.ip) == 6080) {

        set req.http.x-redir = "https://" + req.http.host + req.url;
                return (synth(750, "Moved permanently"));
        }

        # DROP COOKIES AND PARAMS FROM STATIC ASSET
        if (req.url ~ "\.(gif|jpg|jpeg|swf|ttf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
            unset req.http.cookie;
            set req.url = regsub(req.url, "\?.*$", "");
        }

        # PASS COOKIES
        if (req.http.cookie) {
            if (req.http.cookie ~ "(exclude_)") {
                return(pass);
            } else {
              unset req.http.cookie;
            }
        }
}



sub vcl_backend_response {
    # RETRY BACKEND 3 TIMES IF DOWN
    if (beresp.status == 503 && bereq.retries < 3 ) {
       return(retry);
}

    if (bereq.http.Cookie ~ "(UserID|_session)") {
        set beresp.http.X-Cacheable = "NO:Got Session";
        set beresp.uncacheable = true;
        return (deliver);

    } elsif (beresp.ttl <= 0s) {
        set beresp.http.X-Cacheable = "YES";

    } elsif (beresp.http.set-cookie) {
        set beresp.http.X-Cacheable = "YES";
        set beresp.uncacheable = false;
        return (deliver);

    } elsif (beresp.http.Cache-Control ~ "private") {
        set beresp.http.X-Cacheable = "NO:Cache-Control=private";
        set beresp.uncacheable = true;
        return (deliver);

    } else {
        set beresp.http.X-Cacheable = "YES";

    unset beresp.http.expires;

        set beresp.http.cache-control = "max-age=900";

        set beresp.ttl = 1w;

        set beresp.http.magicmarker = "1";
    }

    # UNSET COOKIES
    if (!(bereq.url ~ "(exclude)"))  {
        set beresp.http.X-UnsetCookies = "TRUE";
            unset beresp.http.set-cookie;
            set beresp.ttl = 1h;
    }

    # YEAR LONG CACHE FILE TYPES
    if (bereq.url ~ "\.(gif|jpg|jpeg|png)(\?.*|)$") {
        set beresp.ttl = 365d;

    # MONTH LONG CACHE FILE TYPES
    if (bereq.url ~ "\.(css|js|flv|mp3|mp4|pdf|)(\?.*|)$") {
        set beresp.ttl = 30d;

}

}
set beresp.grace = 1w;

}

sub vcl_hash {
   if ( req.http.X-Forwarded-Proto ) {
    hash_data( req.http.X-Forwarded-Proto );
}
}

sub vcl_backend_error {
      # DISPAY CUSTOM ERROR IF FAILS
      if (beresp.status == 503 && bereq.retries == 3) {
          synthetic(std.fileread("/etc/varnish/error503.html"));
          return(deliver);
       }
}

sub vcl_synth {
    # REDIRECT FOR HTTP
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.http.Location = req.http.x-redir;
        return(deliver);
    }
# DISPLAY CUSTOM PAGE IF BACKEND DOWN
    if (resp.status == 503) {
        synthetic(std.fileread("/etc/varnish/error503.html"));
        return(deliver);
     }
}


sub vcl_deliver {


    # RESTART IF BACKEND DOWN
    if (resp.status == 503) {
        return(restart);
    }
    if (resp.http.magicmarker) {
       # REMOVE MAGIC MARK
        unset resp.http.magicmarker;

       # FRESH OBJECT
       set resp.http.age = "0";
     }
   if (obj.hits > 0) {
     set resp.http.X-Cache = "HIT";
   } else {
     set resp.http.X-Cache = "MISS";
   }
   set resp.http.Access-Control-Allow-Origin = "*";
}
sub vcl_hit {
  if (req.method == "PURGE") {
    return(synth(200,"OK"));
  }
}


sub vcl_miss {
  if (req.method == "PURGE") {
    return(synth(404,"Not cached"));
  }
}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20170920/2e00bc7b/attachment-0001.html>


More information about the varnish-misc mailing list