varnish met en cache les pages des utilisateurs connectés et sert ces pages.

Je place le cookie "logged_in" lorsque l'utilisateur se connecte. Si le cookie logged_in existe, varnish ne mettra pas la requête en cache.

Voici mon vcl_recv

sub vcl_recv
{
    if (req.backend.healthy) {
        set req.grace = 30s;
    } else {
        set req.grace = 1h;
    }

    # Handle compression correctly. Different browsers send different
    # "Accept-Encoding" headers, even though they mostly support the same
    # compression mechanisms. By consolidating compression headers into
    # a consistent format, we reduce the cache size and get more hits.
    # @see: http:// varnish.projects.linpro.no/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
            if (req.http.Accept-Encoding ~ "gzip") {
            # If the browser supports it, we'll use gzip.
            set req.http.Accept-Encoding = "gzip";
        }
        else if (req.http.Accept-Encoding ~ "deflate") {
            # Next, try deflate if it is supported.
            set req.http.Accept-Encoding = "deflate";
        }
        else {
            # Unknown algorithm. Remove it and send unencoded.
            unset req.http.Accept-Encoding;
        }
    }

    # Set client IP
    if (req.http.x-forwarded-for) {
        set req.http.X-Forwarded-For =
        req.http.X-Forwarded-For + ", " + client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }

    if (req.http.Authorization || req.http.Authenticate)
    {
      return (pass);
    }

    if (req.url ~ "^/registration" ||
        req.url ~ "^/blog/viewnoti/" ||
        req.url ~ "^/action/insert_user" ||
        req.url ~ "^/loginmanager.*$") {
        return (pass);
    }

    if (req.request != "GET" &&
      req.request != "HEAD" &&
      req.request != "PUT" &&
      req.request != "POST" &&
      req.request != "TRACE" &&
      req.request != "OPTIONS" &&
      req.request != "DELETE") {
          # /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }

    if (req.request != "GET" && req.request != "HEAD") {
        # /* We only deal with GET and HEAD by default */
        return (pass);
    }

    if (!req.backend.healthy) {
        unset req.http.Cookie;
    }

    if (req.http.cookie ~ "logged_in") {
        return (pass);
    }

    if (req.http.Cache-Control ~ "(no-cache|no-store|private)") {
        return (pass);
    }

    if (req.http.cookie) {
        # removes all cookies named __utm? (utma, utmb...) - tracking thing
        set req.http.cookie = regsuball(req.http.cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");

        if (req.http.cookie == "") {
            unset req.http.cookie;
        }
    }

    return (lookup);
}

Voici mon vcl_fetch

sub vcl_fetch
{
    if (req.url ~ "^/" ||
        req.url ~ "^/live" ||
        req.url ~ "^/selected" )
    {
        set beresp.ttl = 5m;
    } else {
      set beresp.ttl = 30m;
    }

    if (req.http.cookie ~ "logged_in") {
        set beresp.ttl = 0s;
    }

    if (req.http.Cache-Control ~ "(no-cache|no-store|private)") {
        set beresp.ttl = 0s;
    }

    # Set Grace Time to one hour
    set beresp.grace = 2h;
}

Varnish met en cache les requêtes des utilisateurs connectés et sert ces pages aux visiteurs et aux autres utilisateurs connectés. Je n'arrive pas à comprendre pourquoi il le fait.