Varnish ESI Request -- What Cookie Is Sent?

Question

New to varnish, not new to HTTP. Apologies if this is newbie/obvious territory, but Googling about hasn't revealed the answer.

When varnish makes an request to an esi include url

1. What cookie (and other request information) is it sending along by default

2. Is this programmatically controllable via the vcl configuration file.

That is -- it's my understanding that the point of the esi includes in varnish is to allow statefull information to be populated into a page that is pulled from cache. This statefull information is (presumably) fetched by the application using a session id, which is usually implemented via data sent in the cookie.

What's not clear to me is if varnish just passes along

• The original request's cookie information
• The application's response cookie
• Something else

And irrespective of what varnish passes along by default, can this be controlled in the varnish vcl file?

(A PHP app, if it matters)

Answer 1

Just did some digging around and it seems the cookies are passed to the ESI requests.

The ESI requests will also be processed by varnish. This allows you to process all the request headers and caching behavior again for that specific ESI object.

At http://blog.lavoie.sl/2013/08/varnish-esi-and-cookies.html I found the following example. This should allow you to unset / or leave cookies for specific esi request.

sub vcl_recv {
  if (req.esi_level > 0) {
    # Backend may want to treat this request differently
    set req.http.X-Esi-Level = req.esi_level;

    if (req.url !~ "esi-cookies=1") {
      unset req.http.cookie;
    }
  } else {
    unset req.http.X-Esi-Level; # remove for security
  }
}

sub vcl_fetch {
  # Activate Edge Side Includes, but only if X-Esi header is present
  if (beresp.http.X-Esi) {
    set beresp.do_esi = true;
    unset beresp.http.X-Esi; # remove header
  }
}