Need guidance on caching behavior with regard to session cookies



  • Junichi

    Hello Bahadir,

    I recommend you to use vary header and pass on vcl_recv.


    Check if "connect.sid" and the value exist

    if (req.http.cookie ~ "connect.sid=(?!;)+" { set req.http.x-connect-sid = "true"; return(pass); } else { set req.http.x-connect-sid = "false"; }


    vary on the custom header

    if (beresp.http.Vary) { set beresp.http.Vary = beresp.http.Vary ", x-connect-sid"; } else { set beresp.http.Vary = "x-connect-sid"; }


    Hide the existence of the header from downstream

    if (resp.http.Vary) { set resp.http.Vary = regsub(resp.http.Vary, "x-connect-sid", "Cookie"); }


    Regards, Junichi

    Comment actions Permalink
  • Bahadir Balban

    Hi Junichi,

    It worked! Thank you!

    For reference I copied over Fastly boilerplate VCL, and inserted each snippet in the original examples between the function beginning and #Fastly hash define start. In particular I inserted vcl_recv, vcl_fetch, vcl_deliver snippets.

    There was a missing closing parenthesis the first line, it should be: if (req.http.cookie ~ “connect.sid=(?!;)+”) {

    The behavior I get now is that those pages that have the cookie are uncached, and those that don't have it are returned from the cache.

    I came to learn that a connect.sid can be present even when not authenticated. So in my case I added another cookie auth_state that indicates login and logout and detecting that.

    Thanks, Bahadir

    Comment actions Permalink

Please sign in to leave a comment.