You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: http_cache/varnish.rst
+12-4Lines changed: 12 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -67,10 +67,18 @@ at least for some parts of the site, e.g. when using forms with
67
67
and clear the session when it is no longer needed. Alternatively, you can look
68
68
into :ref:`caching pages that contain CSRF protected forms <caching-pages-that-contain-csrf-protected-forms>`.
69
69
70
-
Cookies created in JavaScript and used only in the frontend, e.g. when using
71
-
Google Analytics, are nonetheless sent to the server. These cookies are not
72
-
relevant for the backend and should not affect the caching decision. Configure
73
-
your Varnish cache to `clean the cookies header`_. The goal is to retain only essential cookies—such as session cookies—and remove all others. By doing this, pages can still be cached when there is no active session. If you are using PHP and have not changed its default configuration, the session cookie is typically named PHPSESSID. Additionally, if your application relies on other important cookies, such as a "REMEMBERME" cookie for "remember me" functionality or "trusted_device" for 2FA, these cookies should also be preserved.
70
+
Cookies created in JavaScript and used only on the frontend, such as those from
71
+
Google Analytics, are still sent to the server. These cookies are not relevant
72
+
for backend processing and should not influence the caching logic. To ensure
73
+
this, configure your Varnish cache to `clean the cookies header`_ by retaining
74
+
only essential cookies (e.g., session cookies) and removing all others. This
75
+
allows pages to be cached when there is no active session.
76
+
77
+
If you are using PHP with its default configuration, the session cookie is
78
+
typically named ``PHPSESSID``. Additionally, if your application depends on other
79
+
critical cookies, such as a ``REMEMBERME`` cookie for :doc:`remember me </security/remember_me>`
80
+
functionality or a trusted device cookie for two-factor authentication, these
0 commit comments