1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257
|
#-
# This document is licensed under the same conditions as Varnish itself.
# See LICENSE for details.
#
# SPDX-License-Identifier: BSD-2-Clause
$Module cookie 3 "Varnish Cookie Module"
DESCRIPTION
===========
Handle HTTP cookies more easily in Varnish VCL.
Parses a cookie header into an internal data store, where per-cookie
get/set/delete functions are available. A keep() function removes all
but a set comma-separated list of cookies. A filter() function removes a comma-
separated list of cookies.
Regular expressions can be used for either selecting cookies, deleting matching
cookies and deleting non-matching cookie names.
A convenience function for formatting the Set-Cookie Expires date field
is also included.
The state loaded with cookie.parse() has a lifetime of the current request
or backend request context. To pass variables to the backend request, store
the contents as fake bereq headers.
Filtering example::
import cookie;
sub vcl_recv {
if (req.http.cookie) {
cookie.parse(req.http.cookie);
# Either delete the ones you want to get rid of:
cookie.delete("cookie2");
# or delete all but a few:
cookie.keep("SESSIONID,PHPSESSID");
# Store it back into req so it will be passed to the backend.
set req.http.cookie = cookie.get_string();
# If empty, unset so the builtin VCL can consider it for caching.
if (req.http.cookie == "") {
unset req.http.cookie;
}
}
}
$ABI strict
$Function VOID clean(PRIV_TASK)
Clean up previously parsed cookies. It is not necessary to run clean()
in normal operations.
Example::
sub vcl_recv {
cookie.clean();
}
$Function VOID delete(PRIV_TASK, STRING cookiename)
Delete ``cookiename`` from internal vmod storage if it exists.
Example::
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2");
cookie.delete("cookie2");
# get_string() will now yield "cookie1=value1"
}
$Function VOID filter(PRIV_TASK, STRING filterstring)
Delete all cookies from internal vmod storage that are in the
comma-separated argument cookienames.
Example::
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2; cookie3=value3");
cookie.filter("cookie1,cookie2");
# get_string() will now yield "cookie3=value3"
}
$Function VOID filter_re(PRIV_TASK, REGEX expression)
Delete all cookies from internal vmod storage that matches the
regular expression ``expression``.
Example::
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2; cookie3=value3");
cookie.filter_re("^cookie[12]$");
# get_string() will now yield "cookie3=value3"
}
$Function VOID keep(PRIV_TASK, STRING filterstring)
Delete all cookies from internal vmod storage that is not in the
comma-separated argument cookienames.
Example::
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2; cookie3=value3");
cookie.keep("cookie1,cookie2");
# get_string() will now yield "cookie1=value1; cookie2=value2"
}
$Function VOID keep_re(PRIV_TASK, REGEX expression)
Delete all cookies from internal vmod storage that does not match
expression ``expression``.
Example::
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2; cookie3=value3");
cookie.keep_re("^cookie[12]$");
# get_string() will now yield "cookie1=value1; cookie2=value2"
}
$Function STRING format_date(TIME now, DURATION timedelta)
Get a RFC1123 formatted date string suitable for inclusion in a
Set-Cookie response header.
Care should be taken if the response has multiple Set-Cookie headers.
In that case the header vmod should be used.
Example::
sub vcl_deliver {
# Set a userid cookie on the client that lives for 5 minutes.
set resp.http.Set-Cookie = "userid=" + req.http.userid +
"; Expires=" + cookie.format_date(now, 5m) + "; httpOnly";
}
$Function STRING get(PRIV_TASK, STRING cookiename)
Get the value of ``cookiename``, as stored in internal vmod storage.
Example::
import std;
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2");
std.log("cookie1 value is: " + cookie.get("cookie1"));
}
If ``cookiename`` does not exist, the `NULL` string is returned. Note
that a `NULL` string is converted to an empty string when assigned to
a header. This means that the following is correct::
if (req.http.Cookie) {
cookie.parse(req.http.Cookie);
set req.http.X-tmp = cookie.get("a_cookie");
} else {
set req.http.X-tmp = "";
}
if (req.http.X-tmp != "") {
// do something with the X-tmp header...
} else {
// fallback case
}
However, using `cookie.isset()` is often a better way to check if a
particular cookie is present, like this::
unset req.http.X-tmp; # unnecessary if no fallback is needed
if (req.http.Cookie) {
cookie.parse(req.http.Cookie);
if (cookie.isset("a_cookie")) {
set req.http.X-tmp = cookie.get("a_cookie");
# do something with the X-tmp header...
}
}
# if necessary, do something when a_cookie is not there
if (!req.http.X-tmp) {
# fallback case
}
$Function STRING get_re(PRIV_TASK, REGEX expression)
Get the value of the first cookie in internal vmod storage that matches the
regular expression ``expression``. If nothing matches, the `NULL` string
is returned.
Example::
import std;
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2");
std.log("cookie1 value is: " + cookie.get_re("^cookie1$"));
}
$Function STRING get_string(PRIV_TASK)
Get a Cookie string value with all cookies in internal vmod storage. Does
not modify internal storage.
Example::
sub vcl_recv {
cookie.parse(req.http.cookie);
cookie.keep("SESSIONID,PHPSESSID");
set req.http.cookie = cookie.get_string();
}
$Function BOOL isset(PRIV_TASK, STRING cookiename)
Check if ``cookiename`` is set in the internal vmod storage.
Example::
import std;
sub vcl_recv {
cookie.parse("cookie1=value1; cookie2=value2");
if (cookie.isset("cookie2")) {
std.log("cookie2 is set.");
}
}
$Function VOID parse(PRIV_TASK, STRING cookieheader)
Parse the cookie string in ``cookieheader``. If state already exists,
``clean()`` will be run first.
Example::
sub vcl_recv {
cookie.parse(req.http.Cookie);
}
$Function VOID set(PRIV_TASK, STRING cookiename, STRING value)
Set the internal vmod storage for ``cookiename`` to ``value``.
Example::
sub vcl_recv {
cookie.set("cookie1", "value1");
std.log("cookie1 value is: " + cookie.get("cookie1"));
}
DEPRECATED
==========
$Alias format_rfc1123 format_date
|