ajax, invalid session

AFAIK, any POST request requires being logged in. What POST request are you sending where you believe not being logged in is OK? I know Ajax, but what is the Ajax POST supposed to do?

Hello,

thank you for your reply.
The post method refers to loading a window with several products. it is a url like mydomain.com/mypage/?plugin=ajax which apperars in log files with error.
TO boost my topic, do you believe that this has to do with cache or any other server systems?

I don’t see why a HTTP POST request would be required to load a product window. Using Ajax GET method should suffice. POST is generally used when data in the DB needs to be updated, GET is used to show a user data that’s already there. That said, there are on occasion legitimate not logged in POST requests, such as requests to wp-cron.php to execute scheduled events. At least wp-cron.php would normally execute despite not being logged in. Each type of call is unique and needs to be evaluated individually.

I’m pretty sure it’s WP throwing the errors, POSTs are not cached and the server itself doesn’t have a problem with POSTs, unless a specific rule in .htaccess blocks them for some reason. Do you have a security plugin? I could imagine one of those blocking POST requests if the user is not logged in, but then there would be a whitelist to allow legitimate requests like those to wp-cron.php.

Hello,

Thank you for your analysis.
Well the only Post which the server dinies is the one I described above. For other cases work. From the other side I have read that when there is different behavour of a site between logged in and not, this is a matter of cache system. I had installed several plugins for cache, for links etc, but trying to remove them and delete anything extra in htaccess, the overall site got blank pages. Except the post url above which is the only thing that works now normal!! Personally I believe for this reason it has something to do with server system cache.

It’s true that many caching schemes will not serve cached data if the user is logged in because they are typically altering content, but that would only apply to a WP specific cache. Server level caching doesn’t know about logged in users.

While caching schemes may cause one to see stale data, I don’t see caching schemes responding with 403 forbidden. That’s typically some sort of security at play, whether simple file permissions or the mod_security server module. However, caching can greatly confuse debugging of other issues because we keep seeing cached errors despite the bug having been fixed. It’s best to disable caching when debugging where possible. Otherwise we need to constantly flush the cache to ensure we are seeing current data.