vcl broken after upgrade from 4.1 to 5.0

Dridi Boukelmoune dridi at
Tue Aug 7 18:10:07 UTC 2018

On Tue, Aug 7, 2018 at 3:27 PM, Stefan Priebe - Profihost AG
<s.priebe at> wrote:
> Hello,
> our varnish vcl is broken after upgrading from 4.1 to 5.0 but i can't
> find any documentation hint and i also do not find any solution.
> The old varnish conf uses std.collect to concatenate alls Set-Cookies
> header from the backend.
> Then does a lot of "magic" using regsuball.
> At the end it uses the following Code to split the header into multiple
> headers again:
> rebsuball(cookies, ", ", {"
> Set-Cookies: "})
> { allows \n / new lines so every new line starts with Set-Cookies: do
> have multiple Set-Cookies headers.

Wow, that's like evil clever!

> This does not seem to work anymore with 5.0 the Set-Cookies Header is
> still a one line. I was also not able to find the opposite of
> std.collect to split the line again into multiple headers.

That's a nice trick, and technically illegal although, well... Good
job for such a hack!

Some time after 4.1 std.collect grew support for an optional separator
other than ", " especially for brain-dead cookie use cases. FYI
cookies are such a mess because they contain a date formatted with a
comma followed by a space, but not quoted, so they can't be split like
other headers such as the Accept* headers.

To add insult to the injury, HTTP/2 requires cookies to be individual
headers nevertheless [1] to help HPACK compression effectiveness.
Since 5.0 is the first release with experimental h2 support, we may
have tightened headers handling and broken your (illegal but oh so
clever) hack.

I don't have time to look [2] closer now, but it would indeed be nice
to have the reciprocal operation to std.collect, so you could use a
safe [3] separator to collect, make your changes and then split using
the same separator.

    std.collect(beresp.http.set-cookie, "~SEP~");
    /* do stuff to beresp.http.set-cookie */
    std.split(beresp.http.set-cookie, "~SEP~");


[1] remember, impossible for h1
[2] but I'll find time to review a patch ;-)
[3] if you also control the backend in that regard

More information about the varnish-misc mailing list