On Thu, Aug 26, 2010 at 2:46 PM, James H Thompson jht@lj.net wrote:
I am setting up Varnish as a front end cache for a Mediawiki 1.16 installation. I started with the VCL configuration described here: http://www.mediawiki.org/wiki/Manual:Varnish_caching Varnish was not hitting its cache for many requests due to Mediawiki cookies being in the client request. Varnish VCL checks for cookies like this:
# Pass requests from logged-in users directly. if (req.http.Authorization || req.http.Cookie) {pass;} /* Not cacheable by default */
Digging through the traces and logs I noticed that a client can end up with Mediawiki cookies without ever having logged into to Mediawiki. In addtion, Mediawiki does not clear all of its cookies on a logout.
Visiting a Mediawiki login page without even attempting to login results in a "mw_session" cookie being set. This results in Varnish treating all subsequent requests as coming from a logged in user and ignores the Varnish cache.
If you login to Mediawiki, the client ends up with these cookies:
mwUserID= mwUserName= mw_session=
After logging out it looks like:
mwUserName= mw_session= mwLoggedOut=
So after a logout, the Varnish cache is still ignored.
Its possible to add checks to the Varnish VCL to ignore the spurious Mediawiki cookies, but I'm wondering if others have run into the same issue and how they have addressed it.
On my personal site, I changed:
if (req.http.Authorization || req.http.Cookie)
to:
if (req.http.Authorization)
Whether or not that is a good idea, I don't know. You may be able to pass on specific cookies as well; a good one to pass on would be the actual authentication cookie.
Respectfully,
Ryan Lane