How do I reconstruct the request cookie in varnish vcl?

StackOverflow https://stackoverflow.com/questions/19846826

Question

I am not sure if I am asking the right question. I have varnish sitting infront of a site that have access to numerous cookies. The most important are creds cookie. What I am doing is stripping all the cookies that I do not need and then check if any cookie left. If so, this means we bypass varnish, else return the cache object. 

  # Remove all cookies that Drupal doesn't need to know about. We explicitly 
  # list the ones that Drupal does need, the SESS , NO_CACHE and credential cookie namely  auth 
  #. If, after running this code we find that either of these two cookies remains, we 
  # will pass as the page cannot be cached.
  if (req.http.Cookie) {
    # 1. Append a semi-colon to the front of the cookie string.
    # 2. Remove all spaces that appear after semi-colons.
    # 3. Match the cookies we want to keep, adding the space we removed 
    #    previously back. (\1) is first matching group in the regsuball.
    # 4. Remove all other cookies, identifying them by the fact that they have
    #    no space after the preceding semi-colon.
    # 5. Remove all spaces and semi-colons from the beginning and end of the 
    #    cookie string. 
    set req.http.Cookie = ";" + req.http.Cookie;
    set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");    
    set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE+|auth)=", "; \1=");
    set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

    if (req.http.Cookie == "") {
      # If there are no remaining cookies, remove the cookie header. If there
      # aren't any cookie headers, Varnish's default behavior will be to cache
      # the page.
      unset req.http.Cookie;
    }
    else {
      # If there is any cookies left (a session or NO_CACHE cookie), do not
      # cache the page. Pass it on to Apache directly.
      return (pass);
    }
  }
}

This works fine. I get a cache miss when auth cookie is in there and a hit otherwise. However, even when it is a miss it seems that varnish pass the request without the rest of the cookies that came in the request. Is there a way to direct varnish to pass the original cooke?

Maybe something like 

else {
  # If there is any cookies left (a session or NO_CACHE cookie), do not
  # cache the page. Pass it on to Apache directly.
  # And set the cookie to its original form ??
  return (pass);
}
Was it helpful?

Solution

You can copy original cookie before parsing it and restore it on else statement, somting like:

  # ....
  # Store original cookie in other headder
  set req.http.X-Cookie = req.http.Cookie;
  if (req.http.Cookie) {
    # ... 
    set req.http.Cookie = ";" + req.http.Cookie;
    set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");    
    set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE+|auth)=", "; \1=");
    set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

    if (req.http.Cookie == "") {
      # ....
      # Delete cookie copy
      unset req.http.X-Cookie;
      unset req.http.Cookie;
    }
    else {
      # ...
      # Restore original cookie and delete the copy
      set req.http.Cookie = req.http.X-Cookie;
      unset req.http.X-Cookie;
      return (pass);
    }
  }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top