WordPress Login Cookie Error When Using Varnish

Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.

Screen Shot 2016-04-01 at 6.02.55 PM

After setting up a server using Varnish this error would consistently rear its ugly head. The user would try to log in and be presented with this message every first try but could then try to log in a second and be let it. After spending hours trying to see if the problem was the Varnish regex a simple solution presented itself.

After scouring the web for Varnish configurations a general trend appears to contain:

set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");
set req.http.cookie = regsuball(req.http.cookie, "wordpress_test_cookie=[^;]+(; )?", "");
if (req.url ~ "wp-admin|wp-login") {
      return (pass);
}

We tried to pass through the wordpress_test_cookie using:

set req.http.cookie = regsuball(req.http.cookie, "wordpress_test_cookie=[^;]+(; )?", "; \1=");

but unfortunately that did not work.

The Solution

if (req.url ~ "wp-admin|wp-login") {
      return (pass);
}
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");
set req.http.cookie = regsuball(req.http.cookie, "wordpress_test_cookie=[^;]+(; )?", "");

By switching the order of operations and having the req.url check before the cookie operations, the error no longer occurs and the site functions appropriately. This allows cookies for wp-admin and wp-login URLs to process before cookie updates for other URLs.

My WordPress Installation using Amazon Web Services article is updated with the corrected full default.vcl for Varnish.