[Django]-Django can not delete csrftoken after logout

1👍

You can fix the problem by editing your vcl_fetch as follows:

sub vcl_fetch {
    # pass through for anything with a session/csrftoken set
    if (beresp.http.set-cookie ~ "flash_sessionid" || beresp.http.set-cookie ~ "csrftoken" || beresp.http.set-cookie ~ "sessionid") {
        return (hit_for_pass);
    } else {
        return (deliver);
    }
}

This way you’re checking for Set-Cookie:sessionid as well.

Varnish sees only the first Set-Cookie header when using beresp.http.set-cookie, so in your case Varnish returns vcl_deliver instead of hit_for_pass.

For further reading I’d suggest taking a look at vmod_header.

👤Ketola
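
The first-header behaviour described in the answer above can be checked offline against captured backend response headers. This Python sketch is an added example, not part of the original answer: it models the answer's rule as a regex applied to the first Set-Cookie header only, and the sample responses, URLs, cookie values and helper names are constructed for illustration.

```python
import re

# Cookie names taken from the vcl_fetch rule in the answer (unanchored, like the VCL regex).
SENSITIVE = re.compile(r"flash_sessionid|csrftoken|sessionid")

def set_cookie_headers(headers):
    """Return every Set-Cookie value, in order, from (name, value) pairs."""
    return [value for name, value in headers if name.lower() == "set-cookie"]

def first_header_decision(headers):
    """Model of the rule when only the first Set-Cookie header is visible."""
    cookies = set_cookie_headers(headers)
    if cookies and SENSITIVE.search(cookies[0]):
        return "hit_for_pass"
    return "deliver"

def all_headers_decision(headers):
    """Stricter check: inspect every Set-Cookie header on the response."""
    if any(SENSITIVE.search(c) for c in set_cookie_headers(headers)):
        return "hit_for_pass"
    return "deliver"

def audit(responses):
    """URLs where the first-header rule delivers a response that sets a listed cookie."""
    return [url for url, headers in responses
            if first_header_decision(headers) == "deliver"
            and all_headers_decision(headers) == "hit_for_pass"]

# Constructed sample data: (url, ordered response headers).
SAMPLE = [
    ("/logout/", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=; Max-Age=0; Path=/"),
        ("Set-Cookie", "csrftoken=; Max-Age=0; Path=/"),
    ]),
    ("/account/", [
        ("Set-Cookie", "theme=dark; Path=/"),  # unrelated cookie comes first
        ("Set-Cookie", "sessionid=constructed123; HttpOnly; Path=/"),
    ]),
    ("/static/site.css", [("Content-Type", "text/css")]),
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("listed cookie hidden behind first Set-Cookie:", url)
```

Any URL the audit reports is a response where header order alone decides whether a session or CSRF cookie can pass through `return (deliver)`.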
