[Catalyst] Production session issue - commercial support inquiry?

Matt Pitts mpitts at a3its.com
Tue Jan 27 03:31:12 GMT 2009 

> -----Original Message-----
> From: Tomas Doran [mailto:bobtfish at bobtfish.net]
> Sent: Monday, January 26, 2009 5:53 PM
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] Production session issue - commercial support
> inquiry?
> 
> 
> On 26 Jan 2009, at 20:27, Matt Pitts wrote:
> > If it is Apache, I imagine it's related to mod_cache, although I
> > *thought* I had it properly configured.
> >
> > As an exercise; after a simple restart of Apache on the proxy I was
> > *unable* to duplicate the cookie issue after ten minutes of trying
> > whereas this morning I had been able to do it after just a few
> > refreshes.
> >
> > Has anyone experienced good/bad things with Apache as a frontend
> > proxy/balancer/cache?
> >
> > I've seen mention of Varnish on this list as a good frontend proxy.
> > Any
> > personal recommendations of it or others?
> 
> If you're app isn't sending appropriate cache headers, then you're
> stuffed whatever you're using - I don't think that changing the cache
> is going to help here - the default varnish config won't cache things
> with a cookie, but that still won't help you for users who may be
> behind a proxy/cache themselves..
> 
> You need to fix the cache headers your app is sending, this is the
> only correct solution.

Ok, I have the following lines in auto subs in the controllers of the
areas that should not be cached and the problem still exists:

    $c->res->header( 'Cache-Control' => 'no-cache, max-age=0' );
    $c->res->header( 'Pragma' => 'no-cache' );

However, because the Set-Cookie header is sent back in every response, I
think that it's getting cached on pages outside of the "session enabled"
areas and then getting sent out to other browsers on those pages. Then
when the browser makes another request (to a sessioned area), it uses
the new cookie it got. Does this all sound right so far?

According to mod_cache docs it aims to be RFC2616 compliant which
apparently specifies only hop-to-hop headers as non-cachable. So, one
must explicitly set "CacheIgnoreHeaders Set-Cookie" to avoid having
cookie headers cached. I made this change today, but I'm not convinced
that this was the only cause of the problem. I tore my hair out over the
proxy server when this problem first started and at one point had
mod_cache completely pulled out and we still had the problem. Who knows
now, though, maybe that was all just a dream and I never actually did
it.

Thanks for the advice,
-matt pitts

More information about the Catalyst mailing list