cookbook/cache/varnish.rst
+9-42
@@ -60,8 +60,8 @@ If the ``X-Forwarded-Port`` header is not set correctly, Symfony will append
60
60
the port where the PHP application is running when generating absolute URLs,
61
61
e.g. ``http://example.com:8080/my/path``.
62
62
63
-
Session Cookies and Caching
64
-
---------------------------
63
+
Cookies and Caching
64
+
-------------------
65
65
66
66
By default, a sane caching proxy does not cache anything when a request is sent
67
67
with :ref:`cookies or a basic authentication header<http-cache-introduction>`.
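Review bot: Renaming the heading from "Session Cookies and Caching" to "Cookies and Caching" changes the section anchor Sphinx generates from the title, so any existing deep link to the old section will stop resolving. If other pages or external articles point here, add an explicit label above the new heading and reference that instead of the title. The underline length was adjusted to match the shorter title, which is correct.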
@@ -76,13 +76,14 @@ at least for some parts of the site, e.g. when using forms with
76
76
start a session when actually needed, and clear the session when it is no
77
77
longer needed.
78
78
79
-
.. todo link to cookbook/session/avoid_session_start once https://github.com/symfony/symfony-docs/pull/4661 is merged
79
+
.. todo link "CSRF Protection" to https://github.com/symfony/symfony-docs/pull/4141
80
+
.. todo link "only start a session when actually needed" to cookbook/session/avoid_session_start once https://github.com/symfony/symfony-docs/pull/4661 is merged
80
81
81
-
Cookies can also be created in Javascript and used only in the frontend, e.g.
82
-
Google analytics. These cookies do not matter for the backend and should not
83
-
affect the caching decision. Configure your Varnish cache to
84
-
`clean the cookies header`_. Unless you changed the PHP configuration, your session
85
-
cookie has the name PHPSESSID:
82
+
Cookies created in Javascript and used only in the frontend, e.g. when using
83
+
Google analytics are nonetheless sent to the server. These cookies are not
84
+
relevant for the backend and should not affect the caching decision. Configure
85
+
your Varnish cache to `clean the cookies header`_. Unless you changed the
86
+
default configuration of PHP, your session cookie has the name PHPSESSID:
86
87
87
88
.. code-block:: varnish4
88
89
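Review bot: The rewritten sentence "e.g. when using Google analytics are nonetheless sent to the server" is missing the comma that closes the parenthetical after "Google analytics", which makes it hard to parse; the product and language names should also be capitalised as "Google Analytics" and "JavaScript". Since the paragraph tells readers to strip cookies that are "not relevant for the backend" and then names only PHPSESSID, consider one more sentence saying that any other cookie the application reads server-side has to be kept as well, otherwise a reader following the example verbatim will silently drop it. The two `.. todo` lines refer to phrases ("CSRF Protection", "only start a session when actually needed") by quoting them; that is fine as a comment, but the second one is long enough that it is worth wrapping.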
@@ -100,40 +101,6 @@ cookie has the name PHPSESSID:
100
101
}
101
102
}
102
103
103
-
If only small parts of your application depend on cookies (e.g. you display the
104
-
username in the header), you can use :ref:`ESI <edge-side-includes>` for those
105
-
fragments. Configure Varnish to store and look up requests in its cache even if
106
-
Cookies are present in the request:
107
-
108
-
.. code-block:: varnish4
109
-
110
-
sub vcl_recv() {
111
-
if (req.http.Cookie) {
112
-
/* Force cache lookup for requests with cookies */
113
-
return (lookup);
114
-
}
115
-
}
116
-
117
-
You need to make sure that your backend correctly sets the ``Vary`` header to
118
-
tell which responses vary on the cookie and which are the same::
119
-
120
-
public function loginAction()
121
-
{
122
-
// ...
123
-
$response->setVary('Cookie');
124
-
// ...
125
-
}
126
-
127
-
Only set the ``Vary: Cookie`` header on actions that actually depend on whether
128
-
the user is logged in, but not on any other actions.
129
-
130
-
.. caution::
131
-
132
-
Be sure to test your setup. If you do not ``Vary`` content that depends on
133
-
the session, users will see content from somebody else. If you ``Vary`` too
134
-
much, the Varnish cache will be filled with duplicate content for every
135
-
user, rendering the cache pointless as cache hits will become rare.
136
-
137
104
.. tip::
138
105
139
106
If content is not different for every user, but depends on the roles of a
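Review bot: This hunk deletes the `.. caution::` block warning that "users will see content from somebody else" when session-dependent content is not varied, and nothing in the visible diff replaces it or links to where it now lives. That warning is the security-relevant part of the section, so either keep a shortened caution next to the cookie-cleaning example or add a reference to the page that now covers `Vary: Cookie` and ESI for per-user fragments. Dropping the VCL itself is reasonable: the block was tagged `varnish4` but used `return (lookup);` in `vcl_recv`, which Varnish 4 replaced with `return (hash);`. After the removal, the `.. tip::` that starts "If content is not different for every user, but depends on the roles" follows the PHPSESSID example directly, so check that it still reads coherently without the paragraph that introduced per-user content.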