I only manage the server (apache, nginx/ varnish) and make it work for the team that does WordPress… so I don’t have much control over the WordPress version.
We are migrating from apache to nginx and just cut things over yesterday. We still need to use apache to process our shibboleth logins until we can re-engineer that to work with nginx. To do this I pass all requests to wp-login.php to apache which is listening to an alternate port and not accessible through the firewall. Its a cludge but it works.
I thought everything was working until I got a call about users not being able to access password protected pages… Didn’t know we had any until then… or how they worked
After much digging into password protected pages and using firebug I found that I was not getting wp-postpass cookies so I removed this from the vcl_fetch section :
# only allow cookies to be set if we're in admin area
if( beresp.http.Set-Cookie && req.url !~ "^/wp-(login|admin)"){
unset beresp.http.Set-Cookie;
}
which I know kills the caching for right now… I will go into dev now and look at that link you provided but for now I am no longer in firefighting mode.
thanks
