How to Cache with Tracking Cookies

May 27, 2014
By: Simon Wistow

Certain types of content, such as API results or dynamically generated HTML, are nearly impossible for legacy CDNs to cache. Because Fastly acts as a proxy and has Instant Purging capabilities, we can cache assets that other CDNs can't. Still, there are some things, such as pages with tracking cookies, that are difficult to manage because they are inherently personal and user specific.

How Do Tracking Cookies Work?

First, a short explanation of tracking cookies: websites, particularly ecommerce, content, and advertising sites, use cookies to follow users during their first session on the site and again on any subsequent site visits. Tracking visitor behavior (which pages they hit, how long they stay, etc.) provides valuable long-term and aggregate information about site flow and usability.

When a user visits a site for the first time, they’ll be handed a cookie which uniquely identifies them:

requests to origin

requests with cookies

Then, whenever that visitor returns to the site, this identifier can be read and aggregated to help measure behavior and patterns.

log user id

Using Tracking Cookies and Caching Content

Fastly uses a powerful scripting language called Varnish Configuration Language (VCL) that runs directly on our edge servers. VCL can handle very simple tasks, like adding and removing headers, as well as more sophisticated behavior such as programmable load balancing, url rewriting, and authentication.

Using VCL, customers can continue to use tracking cookies while still caching site content, improving site speed and reliability.

When the user makes a request to the site without a cookie Fastly triggers a request back to the site’s origin which will return a response with a cookie attached:

Fastly requests without cookies

Fastly can then strip off the cookie, cache the content but then respond with the cookie reattached:

Fastly response with tracking cookie

Then, whenever a particular user visits the site again, Fastly will strip off the cookie, send the user’s unique identifier back via our real-time logging system, and respond with the cached content and the reattached cookie.

Fastly response with tracking cookie

The VCL needed to do this is below (note: you'll need to change 'mycookie' to be the name of your own cookie):

sub vcl_recv {
  if (req.http.Cookie ~ "mycookie=") {
    # The request does have a tracking cookie so store it temporarily
    set req.http.Tmp-Set-Cookie = req.http.Cookie;
    unset req.http.Cookie;
  } else {
    # The request doesn't have a tracking cookie so force a miss
    set req.hash_always_miss = true;
  }

#FASTLY recv
}

sub vcl_fetch {
  # The response has a Set-Cookie ...
  if (beresp.http.Set-Cookie) {
    # ... so store it temporarily
    set req.http.Tmp-Set-Cookie = beresp.http.Set-Cookie;
    # ... and then unset it
    unset beresp.http.Set-Cookie;
  }

#FASTLY fetch
}

sub vcl_deliver {
  # Send the Cookie header again if we have it
  if (req.http.Tmp-Set-Cookie) {
    set resp.http.Set-Cookie = req.http.Tmp-Set-Cookie;
  }

#FASTLY deliver
}

You would then need to create a new Logging object to send back req.http.Tmp-Set-Cookie, plus any other information you'd want.

Generating Tracking Cookies on the Edge

Taking things one step further, it's possible to avoid the initial call back to the origin by actually creating a cookie in VCL:

sub vcl_recv {
  if (req.http.Cookie ~ "mycookie=") {
    # The request does have a tracking cookie so store it temporarily
    set req.http.Tmp-Set-Cookie = req.http.Cookie;
    unset req.http.Cookie;
  } else {
    # The request doesn't have a tracking cookie so create one
    set req.http.Tmp-Set-Cookie = if(req.http.Cookie, req.http.Cookie "; ", "") "mycookie=" digest.hash_md5(now randomstr(32) client.ip);
  }

#FASTLY recv
}


sub vcl_deliver {
  # Send the Cookie header again if we have it
  if (req.http.Tmp-Set-Cookie) {
    set resp.http.Set-Cookie = req.http.Tmp-Set-Cookie;
  }

#FASTLY deliver
}

Either method allows Fastly customers to benefit from all the advantages of a CDN, including faster response times, spike protection and lower capital and operations expenditures, without losing the critical visitor behavior insights provided by tracking cookies.

If you'd like to activate custom VCL uploading for your account, just send an email to support@fastly.com.

« Back to posts
Get product updates, site performance tips, event news and more from our monthly newsletter.
Enter your email address:
comments powered by Disqus