Varnish removes PHPSESSID when unsetting cookie

Question

I'm trying, since a long time, to put a working varnish (3.0.4) in front of some of my websites. I started from a clean config file (the one provided with varnish, "/usr/share/doc/varnish/examples/default.vcl.gz").

Well, it's working, but it don't seems to cache anything (I added headers to see it : https://www.varnish-cache.org/trac/wiki/VCLExampleHitMissHeader ).

So I added theses lines to my sub_recv :

if (req.url ~ "\.(png|gif|jpg|jpeg|js|css|ico|pdf)$") {     
unset req.http.Cookie;      
    }

As soon as I put these lines, my session is dropping after loading some pictures, and varnishlog show me log of differents PHPSESSID :

16 RxHeader     c Cookie: PHPSESSID=gkl02227ef1iq4joai0tsbi026
23 TxHeader     b Cookie: PHPSESSID=oomupd8tnvirpn8eamsertuih4
...

Full default.vcl has been posted here : http://pastebin.com/gmdym1sr

Edit : perhaps it has some importance, but images are called with a link like "http:/ /domain.com/?t=Thb&f=picture.jpg" (PhotoShow gallery)

Have you an idea? Thanks in advance!

Answer 1

You have to filter back cookies on images' way to your client:

sub vcl_fetch {
  // ... Line .82 in your pastebin
  if (req.url ~ "\.(png|gif|jpg|jpeg|js|css|ico|pdf)$") {     
    unset beresp.http.set-cookie;      
  }
  // ...
}

Right now this is what's happenning (with an empty browser cache for the image cache):

1. Request comes to Varnish, Varnish removes the cookie.
2. Varnish pass the request to the backend without cookie.
3. Backend full-fills the request and provide a Set-Cookie headder (as it comes to it without any cookie) with a new value.
4. Varnish can't cache the object since it has a Set-Cookie headder (line 102 on your pastebin).
5. Varnish passes the image along with the new cookie to your browser.
6. Your browser overwrites your PHPSESSID cookie conforming the Set-Cookie header received.