Cache Rules - Bypass on cookie not working as expected


I need to do a simple cache bypass on cookie when logged in for a Wordpress site. I’m adding the Cache Rule and the final expression is (http.cookie contains “wordpress_logged_in_”) and select on bypass the cache. It works if the first time I’m logged in, not cached, and when I log out I get the cached page, but when I log in for a second time, it keeps sending the cached page even tho I have the cookie set. Does someone have this figured out?


I have just tested a couple of my WordPress sites and the bypass by cookie works correctly after I log in / log out. Could this be a browser cache issue? (I’ve tested with Chrome only)

Thanks for you answer. Do you have the same expression (http.cookie contains “wordpress_logged_in_”) or something else? Thanks again

Hmm… Now that I think about it, I believe my rule is a bit different that yours. I do not use a “byapss cache” as you seem to be doing. Instead, I use only one rule (with the effect of “Cache Everything”) and among the conditions for the cache I have as part of the expression not (http.cookie contains "wordpress_logged_in"). My full expression (which works if your permalinks end with a slash):

(not starts_with(http.request.uri.path, "/wp-") and ends_with(http.request.uri.path, "/") and not http.cookie contains "wordpress_logged_in")

Then: Elegible for cache > Respect origin.

Since Cloudflare by default does not cache HTML, if there’s no match (as is the case with the logged-in cookie), the request results in cf-cache-status: DYNAMIC.

In case you prefer to maintain 2 or more separate rules (1 or more for cache, 1 for bypass), make sure the bypass rule is placed last, as Cache Rules are applied bottom to top (this is counter-intuitive for us used to Page Rules!) with each new matching rule overriding where relevant the preceding rule(s).