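--- a/http_cache/varnish.rst
+++ b/http_cache/varnish.rst
@@ -70,21 +70,18 @@ into :ref:`caching pages that contain CSRF protected forms <caching-pages-that-c
 Cookies created in JavaScript and used only in the frontend, e.g. when using
 Google Analytics, are nonetheless sent to the server. These cookies are not
 relevant for the backend and should not affect the caching decision. Configure
-your Varnish cache to `clean the cookies header`_. You want to keep the
-session cookie, if there is one, and get rid of all other cookies so that pages
-are cached if there is no active session. Unless you changed the default
-configuration of PHP, your session cookie has the name ``PHPSESSID``:
+your Varnish cache to `clean the cookies header`_. The goal is to retain only essential cookies—such as session cookies—and remove all others. By doing this, pages can still be cached when there is no active session. If you are using PHP and have not changed its default configuration, the session cookie is typically named PHPSESSID. Additionally, if your application relies on other important cookies, such as a "REMEMBERME" cookie for "remember me" functionality or "trusted_device" for 2FA, these cookies should also be preserved.
 
 .. configuration-block::
 
 .. code-block:: varnish4
 
 sub vcl_recv {
-// Remove all cookies except the session ID.
+// Remove all cookies except for essential ones.
 if (req.http.Cookie) {
 set req.http.Cookie = ";" + req.http.Cookie;
 set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
-set req.http.Cookie = regsuball(req.http.Cookie, ";(PHPSESSID)=", "; \1=");
+set req.http.Cookie = regsuball(req.http.Cookie, ";(PHPSESSID|REMEMBERME)=", "; \1=");
 set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
 set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
 
@@ -98,11 +95,11 @@ configuration of PHP, your session cookie has the name ``PHPSESSID``:
 .. code-block:: varnish3
 
 sub vcl_recv {
-// Remove all cookies except the session ID.
+// Remove all cookies except for essential ones.
 if (req.http.Cookie) {
 set req.http.Cookie = ";" + req.http.Cookie;
 set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
-set req.http.Cookie = regsuball(req.http.Cookie, ";(PHPSESSID)=", "; \1=");
+set req.http.Cookie = regsuball(req.http.Cookie, ";(PHPSESSID|REMEMBERME)=", "; \1=");
 set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
 set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");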