Skip to content

Added a case for banning user context hash object. Partial fix for #482 #427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Added a case for banning user context hash object. Partial fix for #482 #427

wants to merge 1 commit into from

Conversation

ranjzith
Copy link

This is a partial fix for banning user context hash objects from Varnish server, with out setting the right header (X-Content-Type) this would still ban all the cached content for the specified user identifier header (session id) instead of just the user context hash object. To ban only the hash response, we can either change the case in ban VCL to ban accept header or the PHP code to set the X-Content-Type header.

@dbu
Copy link
Contributor

dbu commented Oct 1, 2018

This seems indeed a good solution for FriendsOfSymfony/FOSHttpCacheBundle#482 - we will have the cookie available on responses to the hash lookup, and we specifically invalidate the request that has that cookie. as you otherwise do not copy the cookie onto the response, we will not remove any cached content requests. (banning happens on the response, never on request properties)

@lolautruche may i ask for your input on this one? am i missing something or is this the correct fix? for context, in FriendsOfSymfony/FOSHttpCacheBundle#482 @ranjzith found that we invalidate all of varnish when logging out, because the invalidation request is built on wrong assumptions.

@lolautruche
Copy link
Contributor

Hi

Looks legit to me, even thought I'd have preferred to fix this in the PHP code.

@dbu
Copy link
Contributor

dbu commented Oct 1, 2018

thanks lolautruche

even thought I'd have preferred to fix this in the PHP code.

i think we can't fix this solely in the PHP code, because we do need the cookie in the response so that we can ban the specific hash lookup request. i can't think of a good way to make this more generic or otherwise less locked with the backend. we could copy the cookie of other requests to the response too, but that would feel odd to me and i don't see value in it.

@lolautruche
Copy link
Contributor

Alright then 😃

👍

@dbu
Copy link
Contributor

dbu commented Oct 1, 2018

we are having a discussion in #403 that it would be much better to use a tag for the hash lookup response and then use tag invalidation. that would allow to use the feature with the symfony HttpCache and with the fastly CDN. even with varnish, when using xkey for tagging it would be much better than the current BAN based idea.

if we do that, we do not need to change anything in the VCL, which is another plus.

wdyt @ranjzith , does that make sense and would it fix your issue?

@dbu dbu mentioned this pull request Oct 2, 2018
Merged
@ranjzith
Copy link
Author

ranjzith commented Oct 2, 2018

Having tag based purge/invalidation for user context hash is a nice approach and it does fix my issue #482. But I am afraid I might not be able to contribute on this here.

@dbu
Copy link
Contributor

dbu commented Oct 5, 2018

fixed in #486

@dbu dbu closed this Oct 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ranjzith @dbu @lolautruche