esi problem

X.H.R.F.C. xhrfc at yahoo.com
Thu Aug 23 11:22:41 CEST 2012 

Hello all,

I have a big problem with auth cookie, esi include on my website. In my page i have a section made for auth users, it has 2 stages:
- if auth is made, show some user specific things, if not shows login button
auth works, logout works ... BUT somethimes after i logout i get details for some other user like i'm logged in with that user (but i'm not and there is no auth cookie for it ... is just like plain html only from varnish, on refresh it goes away randomly)
I control esi trough http headers like u will see in my confs bellow.

If someone finds what is the problem, please let me know.

VARNISH
Package: varnish
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 1295
Maintainer: Varnish Package Maintainers <pkg-varnish-devel at lists.alioth.debian.org>
Architecture: amd64
Version: 3.0.2-2


site.vcl
================================================================================================================
import std;
# server 1
backend drr0001 {
    .host = "drr0001";
    .port = "80";
    .connect_timeout = 1s;
    .first_byte_timeout = 30s;
    .between_bytes_timeout = 30s;
    .probe = {
                .url = "/";
                .interval = 2m;
                .timeout = 20s;
                .window = 5;
                .threshold = 3;
  }
}

# server 2
backend drr0002 {
    .host = "drr0002";
    .port = "80";
    .connect_timeout = 1s;
    .first_byte_timeout = 30s;
    .between_bytes_timeout = 30s;
    .probe = {
                .url = "/";
                .interval = 2m;
                .timeout = 20s;
                .window = 5;
                .threshold = 3;
  }

}

# server 3
backend drr0003 {
    .host = "drr0003";
    .port = "80";
    .connect_timeout = 1s;
    .first_byte_timeout = 30s;
    .between_bytes_timeout = 30s;
    .probe = {
                .url = "/";
                .interval = 2m;
                .timeout = 20s;
                .window = 5;
                .threshold = 3;
  }

}

# Round-Robin load balance site hosts
director site round-robin {
        {
                .backend = drr0001;
        }
        {
                .backend = drr0002;
        }
        {
                .backend = drr0003;
        }
}

# ACL to allow cache Purge
acl purge {
"drr0001";
"drr0002";
"drr0003";
"drr0001-ifnet";
"drr0002-ifnet";
"drr0003-ifnet";
}

# Receive
sub vcl_recv {
# check acl purge at the top and purges
  if (req.request == "PURGE") 
{
    if (!client.ip ~ purge) {
      error 404 "Not Found!";
    }
    return (lookup);
  }
  
if (! req.http.Host)
{
error 404 "Your query need a host header !";
}
if (req.http.Host ~ "test.site.com")
{
set req.backend = site;
include "/etc/varnish/site-esi-recv.vcl";
}
else
{
error 404 "No Varnish configuration for your host header.";
}
}

## FETCH
sub vcl_fetch {
if (req.restarts > 3) {
set beresp.saintmode = 5m;
}
if (req.http.Host ~ "test.site.com")
{
include "/etc/varnish/site-esi-fetch.vcl";
}
else
{
return (deliver);
}
}

# HIT
sub vcl_hit {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}

# MISS
sub vcl_miss {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}


## DELIVER
sub vcl_deliver {
if (obj.hits > 0) {
        set resp.http.X-Varnish-Cache = "From VARNISH (" +obj.hits+ ")";
    } else {
        set resp.http.X-Varnish-Cache = "MISS";
    }
# Secure the header
#remove resp.http.Via;
#remove resp.http.X-Varnish;
#remove resp.http.Server;
#remove resp.http.X-Powered-By;
}

================================================================================================================

site-esi-fetch.vcl

================================================================================================================

# Enable ESI
set beresp.do_esi = true;
set beresp.ttl = 0s;

if (beresp.http.esi-enabled == "true") {
        set beresp.ttl = std.duration(beresp.http.esi-ttl,1m);
        unset beresp.http.esi-enabled;
unset beresp.http.esi-ttl;
}

return (deliver);

================================================================================================================

site-esi-recv.vcl

================================================================================================================

# Compatiblity with Apache log
remove req.http.X-Forwarded-For;
set    req.http.X-Forwarded-For = client.ip;

# Post requests will not be cached
if (req.request == "POST") 
{
return (pass);
}

# Pass Auth sessions
if (req.url ~ "auth/esirander" || req.url ~ "admin" || req.url ~ "support"){
return (pass);
}else{
unset req.http.cookie;
}

# Normalize encoding/compression
if (req.http.Accept-Encoding) 
{
if (req.http.Accept-Encoding ~ "gzip") 
{ 
set req.http.Accept-Encoding = "gzip";     
}
elsif (req.http.Accept-Encoding ~ "deflate") 
{ 
set req.http.Accept-Encoding = "deflate"; 
}
else 
{ 
remove req.http.Accept-Encoding; 
}
}

# Serve the page
unset req.http.vary;

return (lookup);

================================================================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20120823/bd50ddd7/attachment-0001.html>

More information about the varnish-misc mailing list