Cookie problem with proxy cache

Gabriel Ramuglia gabe at
Tue Nov 17 21:57:18 MSK 2009

This would be true except that a lot of times cookies are set
automatically even for guest users, as a session cookie. Oftentimes,
this session cookie will not change what you're seeing at the site.

And then, of course, cookies will be sent even when trying to access
things like images, css, js files, which will not be changing
regardless of the cookie sent. So vary-cookie makes sense to me. I
guess if I were caching software, I would just decide not to cache
anything when it said vary-cookie, and would then ignore the cookies
otherwise, and cache anyway, even if there were cookies. That seems to
make the most sense to me.

2009/11/17 Jérôme Loyet <jerome at>:
> 2009/11/17 Emanuele Pucciarelli <lists at>:
>> Ole Laursen wrote:
>>> I've fixed the problem by adding a proxy_pass_header Set-Cookie. But I
>>> guess the
>>> root of the problem is that nginx thinks it can cache the page in spite
>>> of the
>>> "Vary: cookie" header. Isn't this a bug?
>> I'm wondering too how to use proxy_cache correctly. I've added
>> "proxy_set_header Cookie $http_cookie;" and I have also made sure that
>> $http_cookie is part of the proxy_cache_key, or nginx would return
>> cached pages (meant for a specific user who had previously logged in)
>> for any request.
>> I guess that I'd like NOT to cache any responses whose request included
>> a Cookie: header, but proxy_cache cannot work in a conditional section,
>> and I guess that there's a good reason for that.
>> I'd truly appreciate guidance on this subject.
> Cookies are a way to generate dynamic pages in function of user action.
> Cache does take into account users, it does not know them.
> Both are incompatible (in most cases).
> Example:
> The first time you're visiting a website, you arrive without any
> cookies (you're anonymous). It says it has never seen you before.
> In addition to the response, the webserver send you back a cookie
> saying ("today at 7:04").
> The second time you're visiting this website, you're sending the
> cookie and it says it saw you "today at 7:04".
> In addition to the response, the webserver send you an update of the
> cookie saying ("today at 7:05")
> ...
> But if in front of the webserver you're using cache, the first time
> it'll fetch the page saying you're anonymous. The second time, it will
> send you the page from cache saying you're anonymous even if it's
> false.
> You can imagine how it can be with multiple users at the same time.
> Cache mechanisms ignore cookies (an incoming cookie is not sent to the
> backend server and a cookie from a backend user is not sent back to
> the final user) because it doesn't know how to deal with them.
> Even if it can deal with them (page A with cookie A is cached as file
> C1 and page A with cookie B is cached as file C2). In this case cache
> is totally useless because each couple PAGE/COOKIE is unique and there
> is almost nothing to gain here.
> Hope this helps.
> ++ jerome
>> Thanks!
>> --
>> Posted via

More information about the nginx mailing list