• Resolved monoor

    (@monoor)


    In the header, there is a WooCommerce log out button for users.
    This button creates a different nonce for each user.
    But when ESI is activated, it seems that there is no private cache anymore.
    And the nonce is the same for all users, because it is cached.

    Question:
    Is there any other way besides converting the logout button to ESI?
    Because if it is cached privately for each user, there will be no problem and there is no need to load every time without cache.

    Or is ESI the only way?

Viewing 15 replies - 1 through 15 (of 21 total)
  • Plugin Support qtwrk

    (@qtwrk)

    Yes, private ESI seems to be the only viable solution.

    Thread Starter monoor

    (@monoor)

    Thanks, 1- so to cache privately, it should be used like this?:

    add_action( 'litespeed_esi_load-my_esi_block', 'my_esi_block_esi_load' );

    function my_esi_block_esi_load()
    {
        do_action( 'litespeed_control_set_private' );
        echo "hi";
    }

    2- If we don’t set a TTL, the cache will remain indefinitely?: do_action( 'litespeed_control_set_ttl', 300 );

    3- Is there a way to force the content cache of this esi to be cleared during an operation?
    (only for that user)

    Plugin Support qtwrk

    (@qtwrk)

    Eh, how did you set the nonce to be ESI in the first place? In Cache -> ESI -> ESI nonce?

    Thread Starter monoor

    (@monoor)

    No, I didn’t. Please guide me on how to do it.

    This is the code that creates the menu list and the LOGOUT button link at the end:

    <?php foreach ( wc_get_account_menu_items() as $endpoint => $label ) : ?>
        <li class="<?php echo wc_get_account_menu_item_classes( $endpoint ); ?>">
            <a href="<?php echo esc_url( wc_get_account_endpoint_url( $endpoint ) ); ?>"><?php echo esc_html( $label ); ?></a>
        </li>
    <?php endforeach; ?>

    We can also have the LOGOUT button outside the FOREACH like this:

    <li class="wc-account-menu-item logout">
        <a href="<?php echo esc_url( wc_logout_url() ); ?>">logout</a>
    </li>
    Plugin Support qtwrk

    (@qtwrk)

    Hmmmm, please try this:

    Go to toolbox -> debug setting: debug to ON, debug level to advanced, debug include URI, add test and lsesi.

    Go to toolbox -> log view, clean up any existing log.

    As a logged-in user, open the page as https://domain.com/?test

    Then share with me the log you see from toolbox -> log view via https://pastebin.ubuntu.com/

    Thread Starter monoor

    (@monoor)

    ls log (click here), log is for a user with the customer role

    Plugin Support qtwrk

    (@qtwrk)

    I don’t see any ESI-related log. Please try as a normal user, not admin.

    Thread Starter monoor

    (@monoor)

    As it is in the log, this role is not an admin: [Router] get_role: customer

    But I don’t know why admin bar is written yes.

    And I tested this with a subscriber role, the result was the same as the previous report.

    Anyway, isn’t wc_logout_url a function for WooCommerce? Shouldn’t the way its nonce work be the same on all sites?

    Thread Starter monoor

    (@monoor)

    When I clicked the logout button (and confirmed, because of cache and wrong nonce), this log was generated:

    ls log 2(click here)

    Plugin Support qtwrk

    (@qtwrk)

    Please try using woocommerce-login private in the ESI nonce list and see what happens.

    Thread Starter monoor

    (@monoor)

    ls log when logout

    ls log when login user open ?test

    I put it in, and the link of the logout button is still cached and the nonce it displays is the same for everyone.

    Plugin Support qtwrk

    (@qtwrk)

    But even if the nonce is the same, it should still work for all users?

    Thread Starter monoor

    (@monoor)

    I don’t understand, what should it be the same with?

    I have a menu that has a logout button, the exit link is created by WooCommerce as I showed you.

    This logout link is cached and since it creates a different nonce for each user, it does not work properly!

    What happens after clicking on the cached logout link? The user goes to the my-account user panel page (which is not cached) and logs out after receiving a confirmation.

    There is a question: How can I configure this link to have a private cache with ESI? As I said last time?:

    1- so to cache privately, it should be used like this?:

    Plugin Support qtwrk

    (@qtwrk)

    But do you really have to privatize it?

    I just ran a test on 3 logged-in accounts: it displays the same nonce when cache/ESI is enabled, and all of them logged out successfully.

    The nonce on WordPress is time-valid, not usage-valid: a nonce will be valid for X hours no matter how many times it has been used.
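
A model of how WordPress core derives and checks a nonce, added here as an illustration and not code from this thread or from either plugin: it reimplements the `wp_create_nonce()` / `wp_verify_nonce()` logic in Python to show which inputs (time window, action, user ID, session token) decide whether a nonce stored in a cached page verifies. The salt, user IDs, session tokens and timestamp are constructed values, and `log-out` is the action string of core's `wp_logout_url()`, assumed here for illustration.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400                      # WordPress default nonce lifetime (one day)
NONCE_SALT = b"constructed-nonce-salt"  # constructed; stands in for wp_salt('nonce')
ACTION = "log-out"                      # action string used by core wp_logout_url()


def nonce_tick(now):
    """Half-lifetime counter: increments every 12 hours with the default lifetime."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _nonce_for_tick(tick, action, uid, token):
    # Keyed MD5 over tick|action|uid|token, then PHP's substr($hash, -12, 10).
    data = f"{tick}|{action}|{uid}|{token}".encode()
    return hmac.new(NONCE_SALT, data, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, uid, token, now):
    return _nonce_for_tick(nonce_tick(now), action, uid, token)


def verify_nonce(nonce, action, uid, token, now):
    """Return 1 (current tick), 2 (previous tick) or 0 (invalid), as core does."""
    tick = nonce_tick(now)
    for result, candidate in ((1, tick), (2, tick - 1)):
        expected = _nonce_for_tick(candidate, action, uid, token)
        if hmac.compare_digest(expected, nonce):
            return result
    return 0


def cached_nonce_outcomes():
    """Constructed case: user 7's logout nonce ends up in a publicly cached page."""
    t0 = 1_700_000_000  # constructed timestamp
    cached = create_nonce(ACTION, 7, "session-A", t0)
    return {
        "owner_first_use": verify_nonce(cached, ACTION, 7, "session-A", t0 + 60),
        "owner_second_use": verify_nonce(cached, ACTION, 7, "session-A", t0 + 120),
        "owner_after_12h": verify_nonce(cached, ACTION, 7, "session-A", t0 + 43200),
        "owner_after_24h": verify_nonce(cached, ACTION, 7, "session-A", t0 + 86400),
        "owner_new_session": verify_nonce(cached, ACTION, 7, "session-B", t0 + 60),
        "other_user": verify_nonce(cached, ACTION, 9, "session-C", t0 + 60),
    }
```

In this model the cached value verifies repeatedly for the session that generated it until its time window passes, and returns 0 for any other user ID or session token.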

    Plugin Support qtwrk

    (@qtwrk)

    DO NOT DO THIS , REMOVE IT IMMEDIATELY

    THIS IS PUBLIC FORUM

    you will get yourself banned

  • The topic ‘esi and private cache problem with logout nonce’ is closed to new replies.