Secure Cookie Data


Secure Cookie Data is a module that implements the Secure Cookie Protocol. This protocol garantuees that cookies cannot be tampered.

Tamper resistance is achieved through the use of an HMAC that validates the data stored in the cookie each time the data is retrieved. If the validation fails an empty object is returned.

Design goals

The goals we aim for are three:


Role CSS & JS Aggregation

Drupal's CSS & JS aggregation can cause database deadlock in the variable table under heavy load, this will bring your site to its knees.

This module allows you to disable aggregation for any user with-out a specific role. The idea being that after a release you can serve un-aggregated css and js files until you warm the aggregation cache with a tiny fraction of your normal traffic levels, avoiding the row contention issues that lead to deadlock.

Varnish Auth

This module provides functionality for serving pages for authenticated users from Varnish cache.

It requires modification of the Varnish vcl file (provided in the example.vcl file), which diverts incoming requests to an access_check.php file. Here a very-quick DRUPAL_BOOTSTRAP_SESSION is made, which checks the user is authenticated, the result is then passed back to the vcl, and a cacheable page is then retrieved.


This module extends the Varnish module to purge caches of multiple configured base urls.

## Installation
You need to have the Varnish module installed and enabled.

Once you have Varnish working, to use the module you need to do the following:

Enable the module.
Configure the following variables in settings.php file:

Cacheable CSRF protection

Provides an alternative CSRF protection mechanism for Drupal forms, that depends on JavaScript but allows form HTML to be cached in reverse proxies or CDNs.


Prerender, prefetch, dns-prefetch, helper with visitor flow knowledge provided by Google Analytics.


Subscribe with RSS Subscribe to RSS - Performance and Scalability