On Sep 30, 3:03 pm, CA <calt...@matterco.com> wrote:
> I am interested in using Varnish with Symfony to cache my static files
> in a Rproxy while my dynamic assets are served by PHP.
>
> I currently have Varnish only removing cookies from static files and
> caching static files -- but I cannot log into my Symfony application.
>
> My understanding is that if the PHP document retained its Symfony
> cookie, then user authentication would not be disrupted by Varnish.
>
> Any insight is appreciated. Thank you.

You can't (or perhaps shouldn't) cache a page that requires
authentication. If you can't log in to your Symfony app, then Varnish
is misconfigured and caching the page you're trying to access, so the
request (with/without the cookie) never even makes it back to your
application.

I've never done it with Varnish, but I have in the past configured
nginx as a caching, reverse proxy to forward requests back to the
application servers if there's a particular cookie present, or serve
the cached page if not. Then, on the Symfony application side, I check
if the user is authenticated. If not, delete the cookie so they don't
get sent back to the app servers (and increase load) or proceed as
normal if they are. Naturally, your login/registration pages (and
their response) should probably never be cached.

Bear in mind that if you have a page that's cached and you're using
CSRF, you'll likely get CSRF attack problems left, right and centre,
because the CSRF stuff uses the Symfony session. If the page is
cached, there is no Symfony session!

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com
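
An added example, not part of the original thread or of either poster's configuration: Varnish VCL (4.0 syntax) that removes cookies only from static-file requests and sends every request carrying a cookie to Symfony uncached, so the session cookie reaches the application. The backend address, the extension list and the one-hour TTL are assumptions.

```vcl
vcl 4.0;

# Assumed backend: the web server running Symfony/PHP on the same host.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Static files: the only place the cookie is removed, so all users
    # share one cached copy. The extension list is an assumption.
    if (req.url ~ "(?i)\.(css|js|png|gif|jpe?g|ico)(\?.*)?$") {
        unset req.http.Cookie;
        return (hash);
    }

    # Form posts (login, registration) always go to the application.
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # A cookie or credentials means the response may be per-user:
    # forward it untouched and do not answer from cache.
    if (req.http.Cookie || req.http.Authorization) {
        return (pass);
    }

    # Cookie-less requests fall through to Varnish's built-in vcl_recv.
}

sub vcl_backend_response {
    if (bereq.url ~ "(?i)\.(css|js|png|gif|jpe?g|ico)(\?.*)?$") {
        # A static file must not hand out a session cookie from cache.
        unset beresp.http.Set-Cookie;
        set beresp.ttl = 1h;    # assumed lifetime
        return (deliver);
    }

    # A response that sets a cookie (for example a page that starts a
    # Symfony session for its CSRF token) is never stored.
    if (beresp.http.Set-Cookie) {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
}
```

`varnishd -C -f <file>` compiles the VCL and reports syntax errors without starting the cache.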