On Thu, Aug 26, 2010 at 2:46 PM, James H Thompson <jht(a)lj.net> wrote:
I am setting up Varnish as a front end cache for a
Mediawiki 1.16
installation.
I started with the VCL configuration described here:
http://www.mediawiki.org/wiki/Manual:Varnish_caching
Varnish was not hitting its cache for many requests due to Mediawiki
cookies being in the client request.
Varnish VCL checks for cookies like this:
# Pass requests from logged-in users directly.
if (req.http.Authorization || req.http.Cookie)
{pass;} /* Not cacheable by default */
Digging through the traces and logs I noticed that a client can end up with
Mediawiki cookies without ever having logged into to Mediawiki.
In addtion, Mediawiki does not clear all of its cookies on a logout.
Visiting a Mediawiki login page without even attempting to login
results in a "mw_session" cookie being set. This results in Varnish
treating all subsequent requests as coming from a logged in user
and ignores the Varnish cache.
If you login to Mediawiki, the client ends up with these cookies:
mwUserID=
mwUserName=
mw_session=
After logging out it looks like:
mwUserName=
mw_session=
mwLoggedOut=
So after a logout, the Varnish cache is still ignored.
Its possible to add checks to the Varnish VCL to ignore the spurious
Mediawiki cookies, but
I'm wondering if others have run into the same issue and how they have
addressed it.
On my personal site, I changed:
if (req.http.Authorization || req.http.Cookie)
to:
if (req.http.Authorization)
Whether or not that is a good idea, I don't know. You may be able to
pass on specific cookies as well; a good one to pass on would be the
actual authentication cookie.
Respectfully,
Ryan Lane