<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Further adding the observations with the following scenario:</p>
<ol>
<li>Visit URL A-not-loggedin</li>
<li>Visit URL B-not-loggedin</li>
<li>User logs in</li>
<li>Visit URL A after logging in - varnish is serving the page -
A-not-loggedin</li>
<li>Visit URL B after logging in - varnish is serving the page
B-not-loggedin</li>
</ol>
<p>This means Varnish is serving the pages just visited (till cache
expiry) irrespective of the fact that the page is being fetched
from backend and that there is a pass in vcl_recv.</p>
<p>I am unable to understand the above mentioned behavior - the VCL
logic I used is simple as mentioned in the mail below. <br>
</p>
<p>Regards,</p>
<p>Pinakee<br>
</p>
<br>
<div class="moz-cite-prefix">On 26/05/16 6:24 pm, Pinakee BIswas
wrote:<br>
</div>
<blockquote
cite="mid:308a61e8-58ce-50b7-0ef9-3c4479180c41@waltzz.com"
type="cite">Hi,
<br>
<br>
I am facing a strange problem with Varnish cache. Ours is an
ecommerce site wherein users can visit with or without logging in.
I have written the VCL to unset cookies when user not logged in.
<br>
<br>
The scenario is user logs in and then logs out. When the user logs
out, Varnish is still delivering logged in pages to the user which
is strange as the requests for logged in users go all the way to
the backend and the pages are not supposed to get cached. I have
been looking into this since quite some time and still not able to
figure out the reason.
<br>
<br>
Would appreciate any help.
<br>
<br>
Thanks,
<br>
<br>
Pinakee
<br>
<br>
PFA the output from varnishlog.
<br>
<br>
Following is the VCL code:
<br>
<br>
sub vcl_recv {
<br>
# Happens before we check if we have this in cache already.
<br>
#
<br>
# Typically you clean up the request here, removing cookies
you don't need,
<br>
# rewriting the request, etc.
<br>
set req.backend_hint = uwsgi;
<br>
<br>
if (req.method == "GET") {
<br>
if ((req.http.Cookie !~ "sessionid=") &&
<br>
(req.http.Cookie !~ "loggedin_user=") &&
<br>
(req.url !~ "^/esi")) {
<br>
unset req.http.cookie; # strip the cookies - we
don't need them
<br>
}
<br>
}
<br>
}
<br>
<br>
sub vcl_backend_response {
<br>
# Happens after we have read the response headers from the
backend.
<br>
#
<br>
# Here you clean the response headers, removing silly
Set-Cookie headers
<br>
# and other mistakes your backend does.
<br>
if (bereq.method == "GET") {
<br>
set beresp.do_esi = true;
<br>
if ((beresp.http.Set-Cookie !~ "jivaana_user=") &&
<br>
(beresp.http.Set-Cookie !~ "sessionid=")
&&
<br>
(bereq.http.Cookie !~ "sessionid=") &&
<br>
(bereq.http.Cookie !~ "jivaana_user=") &&
<br>
(bereq.url !~ "^/product/addtobasket")) {
<br>
#unset beresp.http.Set-Cookie;
<br>
set beresp.uncacheable = false;
<br>
return(deliver);
<br>
}
<br>
}
<br>
}
<br>
<br>
</blockquote>
<br>
</body>
</html>