I know Vary: Cookie
is not well liked, since it causes caching of every variation of cookies a user might report. On the other hand, without it, I've had to use Cache-Control: no-cache
to tell my NGINX caching server to skip caching content entirely that might have a user logged in (every page of my site, incidentally, since there's an account box at the top of the page).
I only send cookies if the user logs in, so most page views would benefit from caching. I would like to narrow it down so that there are only two variations: a cached version for users whose "variance" is that they have no cookies and a non-cached version for those who have cookies (e.g. the user is logged in and has authentication cookies).
If I add "Vary: Cookie" to my Perl program, is there a way for me to tell NGINX that in this case it should only pay attention to whether a sessionId
cookie exists or not? Something along the lines of -- to make a pseudo-header -- Vary: Cookie('sessionId')
? If there is a way to implement this in the header produced by the script that NGINX would then respect, I think I'd prefer that over putting it in the NGINX configuration, but any solution would be appreciated.
I'm not entirely sure how to test if I'll cause NGINX to go crazy with caching, but I wonder if something along these lines could work: on a viewer who is not logged in, the script sends Vary: Cookie
, but on a viewer who is logged in, it sends both that header and Cache-Control: no-cache
. Would NGINX understand this to be telling it to cache the first response but not the variant? Or would I mess something up in ways I'm not catching just now?
Update: Here's a sample of one of my server blocks:
server {
server_name myservername.tld
listen 80;
location / {
proxy_cache $PROXY_CACHE;
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
proxy_cache_use_stale error timeout http_429 http_500 http_502 http_503 http_504;
proxy_cache_background_update on;
proxy_cache_revalidate on;
proxy_cache_min_uses 1;
proxy_cache_lock on;
proxy_pass $scheme://$APACHE_PROXY_REQ_IP:$APACHE_PROXY_REQ_PORT;
}
}
You should look at the directives
proxy_no_cache
andproxy_cache_bypass
.proxy_no_cache
tells nginx the conditions under which it should not cache the response from your app. You can define this to be just about whatever you wish, e.g.:proxy_cache_bypass
operates in the other direction: it tells nginx when a request should not be served from cache but instead passed on to your app, even if a cached entry exists.