Cookie problem with proxy cache

Jérôme Loyet jerome at loyet.net
Tue Nov 17 21:13:03 MSK 2009 

2009/11/17 Emanuele Pucciarelli <lists at ruby-forum.com>:
> Ole Laursen wrote:
>
>> I've fixed the problem by adding a proxy_pass_header Set-Cookie. But I
>> guess the
>> root of the problem is that nginx thinks it can cache the page in spite
>> of the
>> "Vary: cookie" header. Isn't this a bug?
>
> I'm wondering too how to use proxy_cache correctly. I've added
> "proxy_set_header Cookie $http_cookie;" and I have also made sure that
> $http_cookie is part of the proxy_cache_key, or nginx would return
> cached pages (meant for a specific user who had previously logged in)
> for any request.
>
> I guess that I'd like NOT to cache any responses whose request included
> a Cookie: header, but proxy_cache cannot work in a conditional section,
> and I guess that there's a good reason for that.
>
> I'd truly appreciate guidance on this subject.

Cookies are a way to generate dynamic pages in function of user action.
Cache does take into account users, it does not know them.
Both are incompatible (in most cases).

Example:

The first time you're visiting a website, you arrive without any
cookies (you're anonymous). It says it has never seen you before.
In addition to the response, the webserver send you back a cookie
saying ("today at 7:04").

The second time you're visiting this website, you're sending the
cookie and it says it saw you "today at 7:04".
In addition to the response, the webserver send you an update of the
cookie saying ("today at 7:05")
...

But if in front of the webserver you're using cache, the first time
it'll fetch the page saying you're anonymous. The second time, it will
send you the page from cache saying you're anonymous even if it's
false.

You can imagine how it can be with multiple users at the same time.

Cache mechanisms ignore cookies (an incoming cookie is not sent to the
backend server and a cookie from a backend user is not sent back to
the final user) because it doesn't know how to deal with them.

Even if it can deal with them (page A with cookie A is cached as file
C1 and page A with cookie B is cached as file C2). In this case cache
is totally useless because each couple PAGE/COOKIE is unique and there
is almost nothing to gain here.

Hope this helps.

++ jerome

>
> Thanks!
> --
> Posted via http://www.ruby-forum.com/.
>
>

More information about the nginx mailing list