It’s becoming a norm now. With every new release of Magento, eBay surprises us in newer ways. Things that were earlier optimized for performance won’t work and everything goes back to the drawing board.
With the release of Magento 1.9.x, web store admins are once again trying to make
form_keys compatible with Varnish. Just like the last time, popular optimization extensions Phoenix Media Page Cache and Nexcess Turpentine claim to have resolved the issue.
Therefore, I performed some tests to check if Varnish is working.
Here, we can see the page is “Hit” and there are no cookies set.
How is it then possible for Magento using
form_keys to work without cookies? Let’s move forward to find out.
As I visit the Product page, the story turns out to be a bit different.
Here, we can see page is “Hit”, but we also see a cookie named as “PAGECACHE_FORMKEY”. Since the page is a hit, I believe this is generated via Varnish. But the question remains: Will it work ?
Let’s find out.
I hit “Add to cart” and the product was successfully added to cart. We can observe the POST data highlighted which uses the same
form_key which was generated by Varnish and it is present in browser so it passes the CSRF check and the product is added to cart successfully.
I did few more tests to see how it works and found that the additional “PAGECACHE_FORMKEY” cookie only arrives when we are on product page.
Here we can see the page is “Hit” but since it is not a product page, no
form_key cookie is added by Varnish. This does not look right.
I tried adding the product to cart.
As expected, the cart was empty because there was no
form_key provided. Therefore, this was troublesome.
Seeing this, the optimization experts at Cloudways started looking for a solution. After a lot of experimentation, the Varnish VCL was customized to solve the aforementioned problem.
Now, let’s test it. The same testing environment is being used. The only change is the Cloudways customized VCL.
Here we can see some what similar behavior as before where Varnish generates a special cookie to resolve
form_key situation in Magento 1.9.x.
But, will it work on all pages? Let’s find out.
Now, we are on same page that we first used with Phoenix Page cache plugin’s default VCL. We can see the “Hit” and
This will not cause the CSRF check to fail.
“Add to cart” was successful.
Therefore, if you want Varnish cache to work properly on a Magento 1.9.x store, then bring it to Cloudways. But, we are not meanies! If you want to know more about our customized VCL, then drop us a comment.
Here I would like to tell you that Varnish is just one part of our optimized side. Together with Nginx, Apache, and Memcached, our hosting stack ensures Magento websites run at their best speeds by using the server resources efficiently.
With more than a dozen hosting locations, Cloudways Magento Cloud Platform is ideal for deployment of store of all shape and sizes. So, don’t wait! Start your free trial now.
Start Creating Web Apps on Managed Cloud Servers Now!
Easy Web App Deployment for Agencies, Developers and E-Commerce Industry