---
title: "Cookies and Varnish"
date: "2024-02-14T06:18:38+00:00"
summary: "Optimize Varnish caching with smart cookie handling. Learn how to manage session cookies, parse custom cookies, and leverage Acquia-provided cookies for improved performance and caching strategies."
image:
type: "page"
url: "/acquia-cloud-platform/cookies-and-varnish"
id: "65e92bb7-416f-4bc4-ab09-c22afbb42925"
---

Table of contents will be added

Any response with a session cookie in the `Cookie` header is not stored in the Varnish cache. If any part of the cookie matches the regular expression `S?SESS[a-zA-Z0-9]*`, `NO_CACHE`, or `PERSISTENT_LOGIN_*`, the response bypasses the cache. If a request contains a Basic Authentication header, for example, `Authorization: Basic`, the request bypasses a cached Varnish response.

In all requests for static assets, all cookie headers, including session cookies, are stripped and most responses are stored in the Varnish cache. For more information on exceptions to cache storage, see [Stripping cookies from static files](/acquia-cloud-platform/performance/varnish/files#cookies-stripped-static-files).

The full cookie header is sent to your application unaltered by the Varnish cache.

If your application creates different cacheable content dependent on cookie values, you can instruct the Varnish cache to store and return different objects by utilizing the `Vary` response header.

Ensure that you are careful while setting cookies with `Vary`. The Cloud Platform Varnish implementation can extract and manipulate such cookies. Cloud Platform Varnish ignores all cookies except those named `acquia_a`, `acquia_b`, `acquia_c`, and the _one_ response cookie prefixed with `acquia_extract`.

Example one: Parsing a custom cookie
------------------------------------

Cloud Platform parses a single request cookie prefixed with `acquia_extract:`. For example. `acquia_extract:WEBSHOP_CART_ID`.

To illustrate, if Cloud Platform receives a request with the header, `Cookie:acquia_extract:WEBSHOP_CART_ID=1234;`, the platform converts that into the following multiple headers, which reach your application's web layer:

    Cookie: WEBSHOP_CART_ID=1234
    X-Acquia-Cookie-Key: WEBSHOP_CART_ID
    X-Acquia-Cookie-Value: 1234

You can configure your application to provide a `Cache-Control: no-cache` response header for all requests where the value of `X-Acquia-Cookie-Key` is `WEBSHOP_CART_ID`, or to respond with a `Vary: X-Acquia-Cookie-Key,X-Acquia-Cookie-Value` header to vary the cache. 

Example two: Passing Acquia-provided cookies
--------------------------------------------

Acquia provides the following generic cookies that can be customized with any value useful to your application. The advantage is that these request cookies are converted to headers and therefore, the Varnish cache can be varied on them.

Cookie

Header value

`Cookie: acquia_a=blue;`

`X-Acquia-Cookie-A: blue`

`Cookie: acquia_b=green;`

`X-Acquia-Cookie-B: green`

`Cookie: acquia_c=red;`

`X-Acquia-Cookie-C: red`

Consider a request that comes to Cloud Platform with the following cookie header:

    Cookie: specific_thing=anything;clicked_banner=0;acquia_a=blue;acquia_b=green;acquia_extract:WEBSHOP_CART_ID=1234;category=shirts;

For the preceding request, the system expands the request headers and sends the following to your application:

    X-Acquia-Cookie-Key: WEBSHOP_CART_ID
    X-Acquia-Cookie-Value: 1234
    X-Acquia-Cookie-A: blue
    X-Acquia-Cookie-B: green
    Cookie: specific_thing=anything;clicked_banner=0;acquia_a=blue;acquia_b=green;WEBSHOP_CART_ID=1234;category=shirts;

Note

The `acquia_extract:` prefix is removed from the cookie header value. Your application can inspect the `X-Acquia-Cookie-*` headers to serve personalized content. Depending on which cookies influence your response, ensure the response includes a `Vary: X-Acquia-Cookie-[A|B|C]` header for each relevant cookie. Alternatively, to prevent content caching, you can add a `Cache-Control: no-cache` header to your response.

Therefore, Cloud Platform enables you to vary cached content based on some specific cookie values.

Important

Acquia recommends that you avoid more than ten variations of each response. If there are multiple variations, the cache fills up, and underperforms or fails. Therefore, you should avoid caching based on unpredictable cookie values, such as identifiers, timestamps, or other random data.  

For more information on varying cache by cookie and setting the Vary header on your application’s responses, visit [Best practices for using the Vary header](https://www.fastly.com/blog/best-practices-using-vary-header).

Session cookies invalidate Varnish caching
------------------------------------------

Content containing Drupal session cookies are never cached, as they contain personalized information that should not be displayed to other users.

Important

For a list of several common Drupal modules that set Drupal session cookies (which invalidates Varnish caching), see [Modules and applications incompatible with Cloud Platform](/acquia-cloud-platform/develop-apps/drupal-apps/module-incompatibilities).

Stripping cookie headers from static assets
-------------------------------------------

Certain file types managed by Drupal in the `modules`, `themes`, `files`, or `libraries` directories have incoming cookie headers removed. For more information, see [Stripping cookies from static files](/acquia-cloud-platform/performance/varnish/files#cookies-stripped-static-files).

Troubleshooting cookie values
-----------------------------

In PHP, `$_COOKIE` is populated as an array from the values in an incoming request’s `Cookie` header. To access this array, your application should parse this array during each Drupal request, such as during `hook_init`. When troubleshooting your application, code similar to the following examples enables you to review the values stored in your cookie array:

*   `var_dump($_COOKIE);`
*   `print_r($_COOKIE);`

Reference material
------------------

The length of time that a cacheable object is stored in the Varnish cache is determined by the cache control headers, such as `Cache-Control` and `Cache-Control: s-maxage`. For more information on controlling cache lifetime, read the following articles:

*   [Configuring Drupal cache settings for Varnish](/acquia-cloud-platform/performance/varnish/drupal)
*   [Set max-age headers for specific pages, files, or paths](/acquia-cloud-platform/help/92841-set-max-age-headers-specific-pages-files-or-paths "Set max-age headers for specific pages, files, or paths")