0

how can i create a sort-of last response middleware on a Laravel application that checks if the response does not contain any userland-generated data like, for example, authentication data?

I've seen that a standard Cookie contains the following keys:

  1. _token
  2. _csrf
  3. _previous
  4. _redirect
  5. _flash
  6. PHPDEBUGBAR_STACK_DATA -- This is injected by barryvdh/laravel-debugbar

Why would I need this? Because I need Varnish to reply from cache, if the request is stateless. In other words, Users that just want to navigate the (20000+) static pages of the website.

My goal is to have a final middleware that physically forces the response stack to not send any set-cookie header, if there is no need of setting it (not-authed user).

Maurizio
  • 469
  • 1
  • 4
  • 11
  • possible duplicate of https://stackoverflow.com/questions/72035888/how-can-i-prevent-laravel-from-setting-a-session-cookie-when-the-user-is-not-aut – Alex Feb 15 '23 at 10:58

1 Answers1

1

There may be a simple way to achieve your desired caching behavior by modifying your VCL (Varnish Configuration Language) within Varnish. The location of your VCL file is specified by the path in varnishd's -f parameter. The default location for this is /etc/varnish/default.vcl. If you share this file, I may be able to help you further.

Are you seeing requests not caching that should be, or caching that shouldn't be? One way to investigate this would be using varnishlog queries such as sudo varnishlog -d -g request -q "TTL ~ 'uncacheable'" for uncacheable content and sudo varnishlog -d -g request -q "BereqURL and not TTL ~ 'uncacheable'" for cacheable content.

Another topic here would be validating the authentication in Varnish and serving user specific content safely from cache to speed up the logged in experience. I'd be happy to expand on that more if it is of interest.

Questioner
  • 98
  • 5