Mailing List Archive: Varnish: Misc

When setting a cookie, the old ones are lost

Index | Next | Previous | View Threaded

Cornel.Vaideanu at greppysystems

Aug 24, 2012, 1:36 AM

Post #1 of 7 (335 views)
Permalink

When setting a cookie, the old ones are lost

Hello
I am using Varnish 3 in in front of apache with php. I need to set a cookie in the browser every time the user doesn't receive a 503 response I use the following code:

if(resp.status != 503) {
set resp.http.Set-Cookie = "my_error_cookie =false; expires: Session; path=/";
}

The problem is that the cookies received from apache are rewritten, if I use this I never receive the PHPSESSID cookie. For debug proposes I added this code :

set resp.http.X-Cookie-Debug = "Response cookie: " + resp.http.Set-Cookie;
if(resp.status != 503) {
set resp.http.Set-Cookie = " my_error_cookie=false; expires: Session; path=/";
}

set resp.http.X-Cookie-Debug2 = "Response cookie2: " + resp.http.Set-Cookie;

These are the headers that browser receives :

1. X-Cookie-Debug:
Response cookie: PHPSESSID=egf2tthsj0fm2bmt1oircumgk6; path=/
2. X-Cookie-Debug2:
Response cookie2: my_error_cookie=false; expires: Session; path=/

And there is only one Set-Cookie header :
Set-Cookie:
my_error_cookie=false; expires: Session; path=/

Can you tell me how can I set a new cookie without losing the cookies that apache sends ?

Thank you very much

Cornel Vaideanu
PHP Developer

M:

[http://greppysystems.com/ftp/logo.png]
17-19A, Ploiesti Street,
Cluj-Napoca, Romania
www.greppysystems.com<http://greppysystems.com>

Cornel.Vaideanu at greppysystems

Aug 30, 2012, 12:00 AM

Post #2 of 7 (312 views)
Permalink

When setting a cookie, the old ones are lost [In reply to]

Hello
I am using Varnish 3 in in front of apache with php. I need to set a cookie in the browser every time the user doesn’t receive a 503 response I use the following code:

if(resp.status != 503) {
set resp.http.Set-Cookie = "my_error_cookie =false; expires: Session; path=/";
}

The problem is that the cookies received from apache are rewritten, if I use this I never receive the PHPSESSID cookie. For debug proposes I added this code :

set resp.http.X-Cookie-Debug = "Response cookie: " + resp.http.Set-Cookie;

if(resp.status != 503) {
set resp.http.Set-Cookie = " my_error_cookie=false; expires: Session; path=/";
}

set resp.http.X-Cookie-Debug2 = "Response cookie2: " + resp.http.Set-Cookie;

These are the headers that browser receives :

1. X-Cookie-Debug:
Response cookie: PHPSESSID=egf2tthsj0fm2bmt1oircumgk6; path=/
2. X-Cookie-Debug2:
Response cookie2: my_error_cookie=false; expires: Session; path=/

And there is only one Set-Cookie header :
Set-Cookie:
my_error_cookie=false; expires: Session; path=/

Can you tell me how can I set a new cookie without losing the cookies that apache sends ?

Thank you very much

Cornel Vaideanu
PHP Developer

M:

[http://greppysystems.com/ftp/logo.png]
17-19A, Ploiesti Street,
Cluj-Napoca, Romania
www.greppysystems.com<http://greppysystems.com>

pprocacci at datapipe

Aug 30, 2012, 12:32 AM

Post #3 of 7 (311 views)
Permalink

Re: When setting a cookie, the old ones are lost [In reply to]

You'll want to use the following vmod.

https://github.com/varnish/libvmod-header

~Paul

Don't On Thu, Aug 30, 2012 at 07:00:33AM +0000, Cornel Vaideanu wrote:
> Hello
> I am using Varnish 3 in in front of apache with php. I need to set
> a cookie in the browser every time the user doesn't receive a 503
> response I use the following code:
>
> if(resp.status != 503) {
> set resp.http.Set-Cookie =
> "my_error_cookie =false; expires: Session; path=/";
> }
>
> The problem is that the cookies received from apache are rewritten, if
> I use this I never receive the PHPSESSID cookie. For debug proposes I
> added this code :
>
> set resp.http.X-Cookie-Debug = "Response cookie: " +
> resp.http.Set-Cookie;
>
> if(resp.status != 503) {
>
> set resp.http.Set-Cookie = "
> my_error_cookie=false; expires: Session; path=/";
> }
>
> set resp.http.X-Cookie-Debug2 = "Response cookie2: " +
> resp.http.Set-Cookie;
>
> These are the headers that browser receives :
>
> 1. X-Cookie-Debug:
> Response cookie: PHPSESSID=egf2tthsj0fm2bmt1oircumgk6; path=/
> 2. X-Cookie-Debug2:
> Response cookie2: my_error_cookie=false; expires: Session; path=/
>
> And there is only one Set-Cookie header :
> Set-Cookie:
> my_error_cookie=false; expires: Session; path=/
>
>
> Can you tell me how can I set a new cookie without losing the cookies
> that apache sends ?
>
> Thank you very much
>
> Cornel Vaideanu
> PHP Developer
> M:
> [logo.png]
> 17-19A, Ploiesti Street,
> Cluj-Napoca, Romania
> [1]www.greppysystems.com
>
> References
>
> 1. http://greppysystems.com/

> _______________________________________________
> varnish-misc mailing list
> varnish-misc [at] varnish-cache
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

________________________________

This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.

_______________________________________________
varnish-misc mailing list
varnish-misc [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

perbu at varnish-software

Aug 30, 2012, 12:48 AM

Post #4 of 7 (311 views)
Permalink

Re: When setting a cookie, the old ones are lost [In reply to]

Hi,

On Thu, Aug 30, 2012 at 9:00 AM, Cornel Vaideanu <
Cornel.Vaideanu [at] greppysystems> wrote:

>
> Can you tell me how can I set a new cookie without losing the cookies that
> apache sends ?
>

The problem is that there can, according to the IETF, only one Set-Cookie
header. What you want to so is to modify the exsisting set-cookie header.

Something like:
set resp.http.set-cookie = resp.http.set-cookie + ";foo=bar"

You could add another Set-Cookie header as Paul proposed but that breaks
the spec, all though it will probably work for at least 99% of the clients
out there.

Per.

--
Per Buer
Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
*Varnish makes websites fly!*
Whitepapers <http://www.varnish-software.com/whitepapers> |
Video<http://www.youtube.com/watch?v=x7t2Sp174eI> |
Twitter <https://twitter.com/varnishsoftware>

Cornel.Vaideanu at greppysystems

Aug 30, 2012, 1:13 AM

Post #5 of 7 (311 views)
Permalink

RE: When setting a cookie, the old ones are lost [In reply to]

Hello
Thank you for the advices, in this scenario I am forced to use a cookie because I want to make a 307 redirect every time varnish would send 503 to borwser, but I need to send a cookie to prevent redirect loops.

If you have any solution for this, your advice will be highly appreciated.

I tried this way: set resp.http.set-cookie = resp.http.set-cookie + ";foo=bar"
but it didn't work for me. Are you sure this method should work or I am forced to use the vmod that Paul suggested ?

Thank you very much

________________________________
From: Per Buer [perbu [at] varnish-software]
Sent: Thursday, August 30, 2012 10:48 AM
To: Cornel Vaideanu
Cc: varnish-misc [at] varnish-cache
Subject: Re: When setting a cookie, the old ones are lost

Hi,

On Thu, Aug 30, 2012 at 9:00 AM, Cornel Vaideanu <Cornel.Vaideanu [at] greppysystems<mailto:Cornel.Vaideanu [at] greppysystems>> wrote:

Can you tell me how can I set a new cookie without losing the cookies that apache sends ?

The problem is that there can, according to the IETF, only one Set-Cookie header. What you want to so is to modify the exsisting set-cookie header.

Something like:
set resp.http.set-cookie = resp.http.set-cookie + ";foo=bar"

You could add another Set-Cookie header as Paul proposed but that breaks the spec, all though it will probably work for at least 99% of the clients out there.

Per.

--
[http://www.varnish-software.com/sites/default/files/varnishsoft_white_190x47.png]
Per Buer
Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
Varnish makes websites fly!
Whitepapers<http://www.varnish-software.com/whitepapers> | Video<http://www.youtube.com/watch?v=x7t2Sp174eI> | Twitter<https://twitter.com/varnishsoftware>

Cornel Vaideanu
PHP Developer

M:

[http://greppysystems.com/ftp/logo.png]
17-19A, Ploiesti Street,
Cluj-Napoca, Romania
www.greppysystems.com<http://greppysystems.com>

pprocacci at datapipe

Aug 30, 2012, 2:01 AM

Post #6 of 7 (309 views)
Permalink

Re: When setting a cookie, the old ones are lost [In reply to]

The problem is simply with browsers interpreting set-cookie headers
differently.

While appending '; foo=bar' _should_ work, it _will not_ work in all
browsers.

All the major browsers that I've tested have worked with sending
multiple set-cookie headers. That's not to say it's right, but it
is to say it works _for me_.

You need to for obvious reasons test this for yourself to confirm, but
my solution has always been to add additional set-cookie headers
(which you can accompish easily with that vmod).

~Paul

On Thu, Aug 30, 2012 at 08:13:58AM +0000, Cornel Vaideanu wrote:
> Hello
> Thank you for the advices, in this scenario I am forced to use a
> cookie because I want to make a 307 redirect every time varnish would
> send 503 to borwser, but I need to send a cookie to prevent redirect
> loops.
> If you have any solution for this, your advice will be highly
> appreciated.
> I tried this way: set resp.http.set-cookie = resp.http.set-cookie +
> ";foo=bar"
> but it didn't work for me. Are you sure this method should work or I
> am forced to use the vmod that Paul suggested ?
> Thank you very much
> __________________________________________________________________
>
> From: Per Buer [perbu [at] varnish-software]
> Sent: Thursday, August 30, 2012 10:48 AM
> To: Cornel Vaideanu
> Cc: varnish-misc [at] varnish-cache
> Subject: Re: When setting a cookie, the old ones are lost
> Hi,
> On Thu, Aug 30, 2012 at 9:00 AM, Cornel Vaideanu
> <[1]Cornel.Vaideanu [at] greppysystems> wrote:
>
>
> Can you tell me how can I set a new cookie without losing the cookies
> that apache sends ?
>
> The problem is that there can, according to the IETF, only one
> Set-Cookie header. What you want to so is to modify the exsisting
> set-cookie header.
> Something like:
> set resp.http.set-cookie = resp.http.set-cookie + ";foo=bar"
> You could add another Set-Cookie header as Paul proposed but that
> breaks the spec, all though it will probably work for at least 99% of
> the clients out there.
> Per.
> --
> [varnishsoft_white_190x47.png]
> Per Buer
> Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
> Varnish makes websites fly!
> [2]Whitepapers | [3]Video | [4]Twitter
>
> Cornel Vaideanu
> PHP Developer
> M:
> [logo.png]
> 17-19A, Ploiesti Street,
> Cluj-Napoca, Romania
> [5]www.greppysystems.com
>
> References
>
> 1. mailto:Cornel.Vaideanu [at] greppysystems
> 2. http://www.varnish-software.com/whitepapers
> 3. http://www.youtube.com/watch?v=x7t2Sp174eI
> 4. https://twitter.com/varnishsoftware
> 5. http://greppysystems.com/

> _______________________________________________
> varnish-misc mailing list
> varnish-misc [at] varnish-cache
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

________________________________

This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.

_______________________________________________
varnish-misc mailing list
varnish-misc [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Cornel.Vaideanu at greppysystems

Aug 30, 2012, 3:54 AM

Post #7 of 7 (316 views)
Permalink

RE: When setting a cookie, the old ones are lost [In reply to]

Hello
I understand, thank you for the explanations. I have installed the vmod you suggested and it works now.
I have also needed to compile varnish from sources. ( for feature help... )

Thank you

________________________________________
From: Paul A. Procacci [pprocacci [at] datapipe]
Sent: Thursday, August 30, 2012 12:01 PM
To: Cornel Vaideanu
Cc: Per Buer; varnish-misc [at] varnish-cache
Subject: Re: When setting a cookie, the old ones are lost

The problem is simply with browsers interpreting set-cookie headers
differently.

While appending '; foo=bar' _should_ work, it _will not_ work in all
browsers.

All the major browsers that I've tested have worked with sending
multiple set-cookie headers. That's not to say it's right, but it
is to say it works _for me_.

You need to for obvious reasons test this for yourself to confirm, but
my solution has always been to add additional set-cookie headers
(which you can accompish easily with that vmod).

~Paul

On Thu, Aug 30, 2012 at 08:13:58AM +0000, Cornel Vaideanu wrote:
> Hello
> Thank you for the advices, in this scenario I am forced to use a
> cookie because I want to make a 307 redirect every time varnish would
> send 503 to borwser, but I need to send a cookie to prevent redirect
> loops.
> If you have any solution for this, your advice will be highly
> appreciated.
> I tried this way: set resp.http.set-cookie = resp.http.set-cookie +
> ";foo=bar"
> but it didn't work for me. Are you sure this method should work or I
> am forced to use the vmod that Paul suggested ?
> Thank you very much
> __________________________________________________________________
>
> From: Per Buer [perbu [at] varnish-software]
> Sent: Thursday, August 30, 2012 10:48 AM
> To: Cornel Vaideanu
> Cc: varnish-misc [at] varnish-cache
> Subject: Re: When setting a cookie, the old ones are lost
> Hi,
> On Thu, Aug 30, 2012 at 9:00 AM, Cornel Vaideanu
> <[1]Cornel.Vaideanu [at] greppysystems> wrote:
>
>
> Can you tell me how can I set a new cookie without losing the cookies
> that apache sends ?
>
> The problem is that there can, according to the IETF, only one
> Set-Cookie header. What you want to so is to modify the exsisting
> set-cookie header.
> Something like:
> set resp.http.set-cookie = resp.http.set-cookie + ";foo=bar"
> You could add another Set-Cookie header as Paul proposed but that
> breaks the spec, all though it will probably work for at least 99% of
> the clients out there.
> Per.
> --
> [varnishsoft_white_190x47.png]
> Per Buer
> Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
> Varnish makes websites fly!
> [2]Whitepapers | [3]Video | [4]Twitter
>
> Cornel Vaideanu
> PHP Developer
> M:
> [logo.png]
> 17-19A, Ploiesti Street,
> Cluj-Napoca, Romania
> [5]www.greppysystems.com
>
> References
>
> 1. mailto:Cornel.Vaideanu [at] greppysystems
> 2. http://www.varnish-software.com/whitepapers
> 3. http://www.youtube.com/watch?v=x7t2Sp174eI
> 4. https://twitter.com/varnishsoftware
> 5. http://greppysystems.com/

> _______________________________________________
> varnish-misc mailing list
> varnish-misc [at] varnish-cache
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

________________________________

This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.

Cornel Vaideanu
PHP Developer

M:

[http://greppysystems.com/ftp/logo.png]
17-19A, Ploiesti Street,
Cluj-Napoca, Romania
www.greppysystems.com<http://greppysystems.com>

_______________________________________________
varnish-misc mailing list
varnish-misc [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads