Flask-Login sets a session cookie for anonymous requests making very difficult to use Varnish #109

Closed
teleyinex opened this Issue Jul 29, 2013 · 9 comments

Comments

Projects
None yet
4 participants
@teleyinex

Hi,

I'm trying to use Varnish to speed up my Flask application, and I've discovered that as soon as I load the Flask-Login extension (with the init method) all requests to the app create a cookie with the name session. This is problematic for Varnish because when a request has a cookie, Varnish moves it to the backend, converting Varnish in a cache only for static content (the other option is to use ESI or cache for every cookie).

I've tried to figure out where in your code you set up the cookie, but I cannot find it. Can you help me?

Cheers

@mkonecny

This comment has been minimized.

Show comment
Hide comment
@mkonecny

mkonecny Aug 2, 2013

How do you expect Flask-Login to work if it doesn't set a cookie?

mkonecny commented Aug 2, 2013

How do you expect Flask-Login to work if it doesn't set a cookie?

@teleyinex

This comment has been minimized.

Show comment
Hide comment
@teleyinex

teleyinex Aug 2, 2013

I think I explained myself badly in the first place. I understand that a cookie is needed for registered users, but is it necessary for anonymous people? If you don't create an account at all, why Flask-Login creates a cookie? Is it for the current_user methods?

I think I explained myself badly in the first place. I understand that a cookie is needed for registered users, but is it necessary for anonymous people? If you don't create an account at all, why Flask-Login creates a cookie? Is it for the current_user methods?

@maxcountryman

This comment has been minimized.

Show comment
Hide comment
@maxcountryman

maxcountryman Aug 3, 2013

Owner

It's necessary to see if there's a user id in the session prior to populating the context stack; yes.

Owner

maxcountryman commented Aug 3, 2013

It's necessary to see if there's a user id in the session prior to populating the context stack; yes.

@teleyinex

This comment has been minimized.

Show comment
Hide comment
@teleyinex

teleyinex Aug 3, 2013

OK, perfect! Now I get it. Thanks a lot for the information. Question: by any chance is that cookie for the anonymous user the same all the time? Because that will basically help to cache the views in Varnish per cookie (not really the best case scenario but much better than not caching anything).

Another option could be to identify the Cookie in a special way, so we can actually track it at Varnish. Do you think that could be a possibility?

OK, perfect! Now I get it. Thanks a lot for the information. Question: by any chance is that cookie for the anonymous user the same all the time? Because that will basically help to cache the views in Varnish per cookie (not really the best case scenario but much better than not caching anything).

Another option could be to identify the Cookie in a special way, so we can actually track it at Varnish. Do you think that could be a possibility?

@maxcountryman

This comment has been minimized.

Show comment
Hide comment
@maxcountryman

maxcountryman Aug 6, 2013

Owner

Question: by any chance is that cookie for the anonymous user the same all the time?

It should be in the session, so yes, assuming you're using the built-in Flask session infrastructure.

Another option could be to identify the Cookie in a special way, so we can actually track it at Varnish. Do you think that could be a possibility?

You should be able to identify the session cookie on the frontend, yes.

Owner

maxcountryman commented Aug 6, 2013

Question: by any chance is that cookie for the anonymous user the same all the time?

It should be in the session, so yes, assuming you're using the built-in Flask session infrastructure.

Another option could be to identify the Cookie in a special way, so we can actually track it at Varnish. Do you think that could be a possibility?

You should be able to identify the session cookie on the frontend, yes.

@teleyinex

This comment has been minimized.

Show comment
Hide comment
@teleyinex

teleyinex Aug 6, 2013

Thanks a lot for your helpful answers! I'll be trying to cache everything based on cookies then!

Thanks a lot for your helpful answers! I'll be trying to cache everything based on cookies then!

@teleyinex teleyinex closed this Aug 6, 2013

@mhammonds

This comment has been minimized.

Show comment
Hide comment
@mhammonds

mhammonds Aug 20, 2014

Same problem here regarding Flask-Login and Varnish.

I don't see why it's necessary to set a cookie for Anonymous users. The first connection from an unauthenticated user will never have a cookie, so clearly it isn't needed even for the current_user() functionality.

I think this ticket should be re-opened to add support for disabling anonymous login cookies. I'd be glad to participate in the development for this as it is a huge stumbling block for anyone looking to scale with Varnish.

Same problem here regarding Flask-Login and Varnish.

I don't see why it's necessary to set a cookie for Anonymous users. The first connection from an unauthenticated user will never have a cookie, so clearly it isn't needed even for the current_user() functionality.

I think this ticket should be re-opened to add support for disabling anonymous login cookies. I'd be glad to participate in the development for this as it is a huge stumbling block for anyone looking to scale with Varnish.

@maxcountryman

This comment has been minimized.

Show comment
Hide comment
@maxcountryman

maxcountryman Aug 20, 2014

Owner

As always, PRs welcome.

Owner

maxcountryman commented Aug 20, 2014

As always, PRs welcome.

@mhammonds

This comment has been minimized.

Show comment
Hide comment
@mhammonds

mhammonds Aug 20, 2014

Glad to hear that, Max. I'll explore the code a bit more and see if I can come up with something that will work out of the box for Varnish users. I've really enjoyed working with Flask-Login up to this point, so thanks for all the effort!

Glad to hear that, Max. I'll explore the code a bit more and see if I can come up with something that will work out of the box for Varnish users. I've really enjoyed working with Flask-Login up to this point, so thanks for all the effort!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment