Question
Varnish stripping PHPSESSID from header
It is a Magento 2.3.3 site with PHP 7.3 and Varnish 6. It looks like Varnish is stripping PHPSESSID. Is this normal behaviour, or does some workaround need to be done in the VCL code? This is how the curl requests look. PHPSESSID seems to appear in the non-www headers but not the www headers. Is this a Varnish issue or an nginx configuration issue? Below is my nginx conf.
curl -I https://example.com
HTTP/2 302
server: nginx
date: Tue, 17 Dec 2019 12:10:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=u1erp4gte3ja7d5bll9u6knsfl; expires=Wed, 18-Dec-2019 12:10:46 GMT; Max-Age=86400; path=/; domain=.example.com; secure; HttpOnly
location: https://www.example.com/
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
pragma: no-cache
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
curl -I https://www.example.com
HTTP/2 200
server: nginx
date: Tue, 17 Dec 2019 12:10:38 GMT
content-type: text/html; charset=UTF-8
content-length: 54847
vary: Accept-Encoding
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
pragma: no-cache
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate /home/example/conf/web/ssl.example.com.pem;
    ssl_certificate_key /home/example/conf/web/ssl.example.com.key;
    access_log /var/log/nginx/domains/example.com.log combined;
    access_log /var/log/nginx/domains/example.com.bytes bytes;
    error_log /var/log/nginx/domains/example.com.error.log error;
    location / {
        proxy_pass http://127.0.0.1:6081;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Ssl-Offloaded "1";
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 8080;
    server_name example.com www.example.com;
    set $MAGE_ROOT /home/example/web/example.com/public_html;
    set $MAGE_MODE production; # or production
    include /home/example/web/example.com/public_html/nginx.conf.sample;
    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /etc/nginx/conf.d/webmail.inc*;
    include /home/example/conf/web/snginx.example.com.conf*;
}