It is a magento 2.3.3 site with PHP 7.3 and Varnish 6. It looks like varnish is stripping PHPSESSID. Is this normal behaviour or some workaround needs to be done in VCL code? This is how the curl request look like. PHPSESSID seems to appear in non-www headers but not the www headers. Is this varnish issue or nginx configuration issue? Below is my nginx conf.
curl -I https://example.com
HTTP/2 302
server: nginx
date: Tue, 17 Dec 2019 12:10:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=u1erp4gte3ja7d5bll9u6knsfl; expires=Wed, 18-Dec-2019 12:10:46 GMT; Max-Age=86400; path=/; domain=.example.com; secure; HttpOnly
location: https://www.example.com/
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
pragma: no-cache
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
curl -I https://www.example.com
HTTP/2 200
server: nginx
date: Tue, 17 Dec 2019 12:10:38 GMT
content-type: text/html; charset=UTF-8
content-length: 54847
vary: Accept-Encoding
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
pragma: no-cache
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
server {
listen 443 ssl http2;
server_name example.com www.example.com;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /home/example/conf/web/ssl.example.com.pem;
ssl_certificate_key /home/example/conf/web/ssl.example.com.key;
access_log /var/log/nginx/domains/example.com.log combined;
access_log /var/log/nginx/domains/example.com.bytes bytes;
error_log /var/log/nginx/domains/example.com.error.log error;
location / {
proxy_pass http://127.0.0.1:6081;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Ssl-Offloaded "1";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 8080;
server_name example.com www.example.com;
set $MAGE_ROOT /home/example/web/example.com/public_html;
set $MAGE_MODE production; # or production
include /home/example/web/example.com/public_html/nginx.conf.sample;
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include /home/example/conf/web/snginx.example.com.conf*;
}
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Based on the details you provided about the behavior of PHPSESSID cookies being stripped out when accessing your Magento site with “www” as part of the URL versus without, it appears this might be related to your Varnish configuration rather than an Nginx issue.
Understanding the Problem
Varnish, by default, is designed to strip out or ignore cookies for caching purposes because cookies indicate personalized content that should not be cached. If your Magento site’s behavior relies on cookies for sessions (as is typical), and you see them being dropped, you need to configure Varnish to handle these cookies appropriately.
Steps to Troubleshoot & Solve
1. Review Varnish Configuration
You need to ensure Varnish is configured to pass through the necessary cookies. This is done typically in your VCL files, especially in
sub vcl_recv
andsub vcl_backend_response
. Look for any lines that unset cookies or strip cookies and adjust accordingly.For a typical Magento setup, you’d want to ensure that the PHPSESSID cookie is not being stripped. You might see lines in your Varnish VCL such as:
This line would typically strip cookies from pages that are not part of admin, customer, or checkout processes, which might be incorrectly configured or overly aggressive.
2. Adjust the VCL to Properly Handle Cookies
You should modify your VCL to make sure it does not strip out the PHPSESSID cookie for the pages where it’s needed. An example adjustment could be:
This script carefully handles the PHPSESSID cookie, ensuring it is not stripped out by Varnish’s default behavior.
3. Ensure Correct Proxy Headers in Nginx
Your Nginx configuration shows you are passing the necessary headers to Varnish, which is good. Ensure that the proxy headers, particularly related to cookies and session IDs, are correctly configured so that when Varnish sends requests back to Nginx, they are handled appropriately.
4. Testing Changes
After making changes to your Varnish VCL:
curl -I https://www.example.com
to inspect the headers and confirm that the PHPSESSID cookie is being sent as expected.5. Debugging Further
If problems persist:
varnishlog
) for details on how cookies are being processed.Final Notes
Since caching and session management are critical aspects of both performance and functionality in web applications like Magento, ensuring that these are aligned with your caching strategy (in this case, Varnish) is crucial. Adjustments might be needed based on your specific site behavior and traffic patterns. If the issue is complex or critical, consulting with a specialist in Magento and Varnish could provide more personalized and in-depth assistance.
Thanks you for responding. Below is the VCL file.
Hello,
Your Nginx config looks all correct. I believe that this would be Varnish that’s causing the issue for you.
Could you share your Varnish config here so that I could have a look and try to advise you further?
Regards, Bobby