Any response with a session cookie in the Cookie header is not stored in the Varnish cache. If any part of the cookie matches the regular expression S?SESS[a-zA-Z0-9]*, NO_CACHE, or PERSISTENT_LOGIN_*, the response bypasses the cache. If a request contains a Basic Authentication header, for example, Authorization: Basic, the request bypasses a cached Varnish response.

In all requests for static assets, all cookie headers, including session cookies, are stripped and most responses are stored in the Varnish cache. For more information on exceptions to cache storage, see Stripping cookies from static files.

The full cookie header is sent to your application unaltered by the Varnish cache.

If your application creates different cacheable content dependent on cookie values, you can instruct the Varnish cache to store and return different objects by utilizing the Vary response header.

Ensure that you are careful while setting cookies with Vary. The Cloud Platform Varnish implementation can extract and manipulate such cookies. Cloud Platform Varnish ignores all cookies except those named acquia_a, acquia_b, acquia_c, and the one response cookie prefixed with acquia_extract.

Example one: Parsing a custom cookie

Cloud Platform parses a single request cookie prefixed with acquia_extract:. For example. acquia_extract:WEBSHOP_CART_ID.

To illustrate, if Cloud Platform receives a request with the header, Cookie:acquia_extract:WEBSHOP_CART_ID=1234;, the platform converts that into the following multiple headers, which reach your application's web layer:

Cookie: WEBSHOP_CART_ID=1234
X-Acquia-Cookie-Key: WEBSHOP_CART_ID
X-Acquia-Cookie-Value: 1234

You can configure your application to provide a Cache-Control: no-cache response header for all requests where the value of X-Acquia-Cookie-Key is WEBSHOP_CART_ID, or to respond with a Vary: X-Acquia-Cookie-Key,X-Acquia-Cookie-Value header to vary the cache. 

Example two: Passing Acquia-provided cookies

Acquia provides the following generic cookies that can be customized with any value useful to your application. The advantage is that these request cookies are converted to headers and therefore, the Varnish cache can be varied on them.

Consider a request that comes to Cloud Platform with the following cookie header:

Cookie: specific_thing=anything;clicked_banner=0;acquia_a=blue;acquia_b=green;acquia_extract:WEBSHOP_CART_ID=1234;category=shirts;

For the preceding request, the system expands the request headers and sends the following to your application:

X-Acquia-Cookie-Key: WEBSHOP_CART_ID
X-Acquia-Cookie-Value: 1234
X-Acquia-Cookie-A: blue
X-Acquia-Cookie-B: green
Cookie: specific_thing=anything;clicked_banner=0;acquia_a=blue;acquia_b=green;WEBSHOP_CART_ID=1234;category=shirts;

Therefore, Cloud Platform enables you to vary cached content based on some specific cookie values.

Session cookies invalidate Varnish caching

Content containing Drupal session cookies are never cached, as they contain personalized information that should not be displayed to other users.

Stripping cookie headers from static assets

Certain file types managed by Drupal in the modules, themes, files, or libraries directories have incoming cookie headers removed. For more information, see Stripping cookies from static files.

Troubleshooting cookie values

In PHP, $_COOKIE is populated as an array from the values in an incoming request’s Cookie header. To access this array, your application should parse this array during each Drupal request, such as during hook_init. When troubleshooting your application, code similar to the following examples enables you to review the values stored in your cookie array:

• var_dump($_COOKIE);
• print_r($_COOKIE);

Reference material

The length of time that a cacheable object is stored in the Varnish cache is determined by the cache control headers, such as Cache-Control and Cache-Control: s-maxage. For more information on controlling cache lifetime, read the following articles:

• Configuring Drupal cache settings for Varnish
• Set max-age headers for specific pages, files, or paths

Cookies and Varnish

To illustrate, if Cloud Platform receives a request with the header, Cookie:acquia_extract:WEBSHOP_CART_ID=1234;, the platform converts that into the following multiple headers, which reach your application's web layer:

You can configure your application to provide a Cache-Control: no-cache response header for all requests where the value of X-Acquia-Cookie-Key is WEBSHOP_CART_ID, or to respond with a Vary: X-Acquia-Cookie-Key,X-Acquia-Cookie-Value header to vary the cache. 

Example two: Passing Acquia-provided cookies

Acquia provides the following generic cookies that can be customized with any value useful to your application. The advantage is that these request cookies are converted to headers and therefore, the Varnish cache can be varied on them.

Consider a request that comes to Cloud Platform with the following cookie header:

For the preceding request, the system expands the request headers and sends the following to your application:

Therefore, Cloud Platform enables you to vary cached content based on some specific cookie values.

Session cookies invalidate Varnish caching

Content containing Drupal session cookies are never cached, as they contain personalized information that should not be displayed to other users.

Stripping cookie headers from static assets

Certain file types managed by Drupal in the modules, themes, files, or libraries directories have incoming cookie headers removed. For more information, see Stripping cookies from static files.

Troubleshooting cookie values

In PHP, $_COOKIE is populated as an array from the values in an incoming request’s Cookie header. To access this array, your application should parse this array during each Drupal request, such as during hook_init. When troubleshooting your application, code similar to the following examples enables you to review the values stored in your cookie array:

• var_dump($_COOKIE);
• print_r($_COOKIE);

Reference material

The length of time that a cacheable object is stored in the Varnish cache is determined by the cache control headers, such as Cache-Control and Cache-Control: s-maxage. For more information on controlling cache lifetime, read the following articles:

• Configuring Drupal cache settings for Varnish
• Set max-age headers for specific pages, files, or paths