即使用户未登录,Laravel也会设置cookie。这会强制Varnish将每个请求发送到后端。我使用http://abeak.blogspot.co.uk/2014/12/caching-laravel-with-varnish.html包遇到了一些人(Session Monster),如果用户未经过身份验证,则会设置X-No-Session标头。这是一个Laravel 4软件包,所以我创建了一个中间件,如果用户没有被刷新,则会设置标头。
我无法弄清楚如何在没有设置标头的情况下让Varnish将请求发送到后端。我非常感谢任何指导!
修改
如果用户未登录,此中间件会设置X-No-Session标头:
<?php
namespace App\Http\Middleware;
use Closure;
use Session;
class StripSessionsIfNotAuthenticated
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if(auth()->check()) {
return $next($request);
}
return $next($request)->header('X-No-Session', 'yeah');
}
}
然后我将链接文章中的VCL转换为VCL V4:
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.
# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "8080";
}
sub vcl_recv {
# Happens before we check if we have this in cache already.
#
# Typically you clean up the request here, removing cookies you don't need,
# rewriting the request, etc.
if (req.url ~ "^/auth" || req.method == "POST" || req.http.Authorization) {
return (pass);
}
if (req.url ~ "\.(png|gif|jpg|css|js|ico|woff|woff2|svg)$") {
unset req.http.cookie;
return (hash);
}
if (req.http.X-No-Session ~ "yeah" && req.method != "POST") {
unset req.http.cookie;
}
return (hash);
}
sub vcl_backend_response {
# Happens after we have read the response headers from the backend.
#
# Here you clean the response headers, removing silly Set-Cookie headers
# and other mistakes your backend does.
set beresp.ttl = 1d;
if (bereq.method == "GET" && bereq.url ~ "\.(png|gif|jpg|css|js|ico|woff|woff2|svg)$") {
unset beresp.http.set-cookie;
set beresp.ttl = 5d;
}
return (deliver);
}
sub vcl_deliver {
# Happens when we have all the pieces we need, and are about to send the
# response to the client.
#
# You can do accounting or modifying the final object here.
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
}
答案 0 :(得分:0)
尝试替换
if (req.http.X-No-Session ~ "yeah") {
unset req.http.cookie;
}
X-No-Session函数中
{{1}}
因此,如果您拥有{{1}}标题,则转储cookie。而这又不会基于cookie传递到后端。目前您正在说是否有cookie,请转到后端。正如您所知,总会有一个cookie。
如果它也有任何帮助,DEMO FIDDLE。
答案 1 :(得分:0)
您的想法很棒,但主要问题是您必须从后端响应中测试X-No-Session标头,而不是客户端请求。
我设法让它重写为vcl_backend_response():
sub vcl_backend_response {
set beresp.ttl = 1d;
if (beresp.http.X-No-Session ~ "yeah" && bereq.method != "POST") {
unset beresp.http.set-cookie;
}
if (bereq.method == "GET" && bereq.url ~ "\.(png|gif|jpg|css|js|ico|woff|woff2|svg)$") {
unset beresp.http.set-cookie;
set beresp.ttl = 5d;
}
return (deliver);
}
通过这种方式,来自后端的响应被缓存从不需要的会话cookie中清除。
编辑:顺便说一下,使用
$response->headers->set('X-No-Session', 'yeah');
也可以使用重定向响应。