esi and private cache problem with logout nonce

  • Resolved monoor

    (@monoor)


    4 months, 4 weeks ago

    In the header, there is a WooCommerce log out button for users.
    This button creates a different nonce for each user.
    But when esi is activated, it seems that there is no private cache anymore.
    And the nonce is the same for all users, because it is cached.

    Question:
    Is there any other way besides converting the logout button to esi?
    Because if it is cached privately for each user, there will be no problem and there is no need to load every time without cache.

    Or the only way is esi?

Viewing 6 replies - 16 through 21 (of 21 total)
  • Moderator Support Moderator

    (@moderator)

    @monoor

     Please don’t offer to send or post logon credentials on these forums: https://www.ads-software.com/support/guidelines#the-bad-stuff

    It is not OK to offer, enter, or send site credentials on these forums. Thanks for your cooperation.

    I have removed your message, but as it was public (albeit briefly), change that password IMMEDIATELY.

    Thread Starter monoor

    (@monoor)

    Oh, I’m sorry, I didn’t know.

    I tested again, it is not usage-valid. Not even time-valid.

    For each user, when he logs in, a separate nonce is created.

    but do you really have to privatize it ?

    So the answer to the question is yes
    Plugin Support qtwrk

    (@qtwrk)

    but it works on my test when multiple user have same logout nonce , no ?

    Thread Starter monoor

    (@monoor)

    on my test? No

    logout link is like this: domain.com/account/customer-logout/?_wpnonce=b17a658429

    this happens when the nonce is same (not belonging to that user):

    the user goes to the my-account user panel page (which is not cached) and logs out after receiving a confirmation.

    Plugin Support qtwrk

    (@qtwrk)

    please create a ticket by mail to support at litespeedtech.com with refence link to this topic , we will investigate further.

    Thread Starter monoor

    (@monoor)

    ticket number: #836817

Viewing 6 replies - 16 through 21 (of 21 total)
  • You must be logged in to reply to this topic.