Unable to set or renew custom cookies

[phizab]

Today I tried to set a custom cookie running Turpentine. Although the cookie was set in PHP-Code, it does not appear in the browser.

In the VCL I saw following code:

# if Magento sent us a Set-Cookie header, we'll put it somewhere
# else for now
if (beresp.http.Set-Cookie) {
    set beresp.http.X-Varnish-Set-Cookie = beresp.http.Set-Cookie;
    unset beresp.http.Set-Cookie;
}

If I'm right, cookies will be stripped here, but I cannot see any code for inserting them again (X-Varnish-Set-Cookie is not used anywhere).

Besides that I'm not able to set custom cookies, the default Magento cookies (e.g. "frontend") won't be renewed. So Magento cookies will expire, although the customer still is in the shop. I'm aware that cookies cannot be set on Cache-Hits, but should be on Cache-Misses e.g. cart page or in checkout. Worst case would be, if the cookie expires while checking out.

I tested this by setting cookie lifetime to 30 seconds in a local environment. I added some items to cart and clicked through the shop. 30 seconds after I added the items to my cart it was empty and the session was dropped. This only apply for 200 or 404 requests, in 30X requests cookies will be renewed.

Can anybody confirm this issue? Or does this appear only in our setting? We use form key generation in Magento, not in the VCL.

[phizab]

I explored another issue. beresp.http.Set-Cookie only returns the first Set-Cookie-Header, which will be stored in beresp.http.X-Varnish-Set-Cookie and all others will completely be dropped, if I'm right.