Gabriel Ramuglia <gabe@...> writes:
> And then, of course, cookies will be sent even when trying to access
> things like images, css, js files, which will not be changing
> regardless of the cookie sent. So vary-cookie makes sense to me. I
> guess if I were caching software, I would just decide not to cache
> anything when it said vary-cookie, and would then ignore the cookies
> otherwise, and cache anyway, even if there were cookies. That seems to
> make the most sense to me.
Yes, exactly. The backend signals that a page depends on a cookie by sending a
Vary: cookie header. Nginx shouldn't cache and send such a page to everyone.
Here's the code in Varnish that handles the Vary header:
http://varnish.projects.linpro.no/browser/trunk/varnish-cache/bin/varnishd/cache_vary.c
I think it constructs a regexp used when looking for a matching object. So my
assertion about Varnish was wrong, it actually caches the page, but it only
returns it to a client with the same cookie. Full vary supports looks like it's
some work:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.44
But I'd be happy with just support for Vary: cookie that simply bypasses the
cache. I had a brief look at the nginx code, but I'm not sure where one would do
the change?
Ole