I have moved my WordPress site (a small blog) onto a hosting platform with Varnish at its front. Varnish, rightly, won’t cache when cookies exist.
It looks like WordPress starts the session, even if it doesn’t need it. As such, it sets the PHPSESSID cookie, even though a var_dump() of $_SESSION is empty (when done at the end of index.php).
Is there a way to stop WordPress doing this? Perhaps with an existing or, indeed, custom plugin?
EDIT: Looking at it again, does the session get used for anything useful on the frontend of the site? Posting a comment seems to set other cookies. Can I just exclude PHPSESSID from Varnish?
I know W3 Total Cache works with Varnish but it’s a massive plugin and, despite spending a lot of time configuring it, performance was worse and things occasionally broke.
2 Answers
I gave it a punt and it seems to be OK. Below is my VCL. It basically unsets all cookies unless it’s wp-admin. This will only work for a very simple site.
# Specific to my.website.com
if (bereq.http.host == "my.website.com") {
# Strip all cookies (the only one should be PHPSESSID) if not admin
if ( ! bereq.url ~ "^/wp-admin/") {
unset beresp.http.Set-Cookie;
}
}
