Vary on forceHTTPS cookie

Varnish seems to be returning the cached version of pages for users
after they have logged in over https, but access an http page. This
seems to occure because only the forceHTTPS cookie is sent on the
request, but varnish doesn't vary the cache based on that cookie.

Bug: 54513
Change-Id: Ia97ed80622191669ee5ca37af809d307bbdb61ae

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 1d0c930..e628834 100644 (file)
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -1721,6 +1721,7 @@ class OutputPage extends ContextSource {
                                array(
                                        "{$wgCookiePrefix}Token",
                                        "{$wgCookiePrefix}LoggedOut",
+                                       "forceHTTPS",
                                        session_name()
                                ),
                                $wgCacheVaryCookies