Session cookie being set, breaking through Varnish cache.

Created on 14 June 2013, over 11 years ago
Updated 1 September 2023, over 1 year ago

The simplesamlphp_auth_init() function runs on every page load and sets a session cookie, which causes Varnish cache misses.

To get around this, we have applied the following patch to the init function right at the top:

  // Bail on pages that aren't concerned with user login.
  if (arg(0) !== 'saml_login' && arg(0) !== 'user' && arg(0) !== 'my-account') {
    return;
  }

I'm not very familiar with the module as I took on this work from another developer and was subsequently pulled off it again, but perhaps you could consider something like this in a future release?

I'm aware that my patch above will prevent auto-login-on-every-page behavior, but for high performance sites this is probably necessary.

πŸ› Bug report
Status

RTBC

Version

3.0

Component

Code

Created by

πŸ‡ΏπŸ‡¦South Africa Mark Theunissen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024