September 15, 2021
2 min read time

Cache the Uncacheable: JSON Web Tokens (JWT) Secure Semi-Private Content

One of the most important tools in securing high-performance web content delivery is caching. But when we talk about caching, we often refer to static content that never changes and doesn’t contain any personalized information. Dynamic content, which changes frequently and is often used to personalize web experiences, isn’t easily cached because it contains content specifically tailored to an individual user. 


Dynamic content is everywhere and only grows more prolific with time. Something as simple as a session token that allows a user to add an item to a shopping cart is enough to prevent that content from being cached. 


Making uncacheable cacheable

Xbody and Edgestash

Varnish has different ways of going about making the uncacheable cacheable. 

One is the Xbody VMOD and Edgestash working together to accelerate content delivery when you’re working with impossible-to-cache content.


JSON Web Tokens (or JWT)

Another way Varnish can work with uncacheable content is with JSON Web Tokens (JWT), which enable validation of information or data transmitted between two parties. JWT also plays a key role in authorization (and is frequently a part of single sign-on technologies to help streamline the authorization process). 

What does JWT do? JWTs are usually ID or access tokens and are used as a means of verifying what the client tells you. JWT is used for authenticating and authorizing applications and APIs, and for this, it’s important to understand and validate that the parties sending and receiving data are who they claim to be. What is the point of signed content? Ultimately, “Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn't been tampered with.” Varnish can verify what JWT claims. 


To find out more about how Varnish manipulates, creates, and verifies JWT and JWS tokens, read about the JWT VMOD or watch our recent webinar. 

New call-to-action