Cloudflare APO nonces

It seems that when having APO enabled, after half a day or so, users cant login saying Session token expired. This happens due to APO not realizing the new nonce that are being changed every some hours or something. What can I do?

Where are these nonces used? In the URL?

No, on the backend or something, they are used for ajax frontend login. How can we set apo to refetch cache every 12 hours?

Give Page Rules a try. Set Edge Cache TTL to 12 hours (or less).
Match:* (or just if you don’t use “www”)
Setting: Edge Cache TTL (12 hours)

I have seen that APO ignores Edge Cache TTL completely

Possibly, though I only briefly tried APO. I’d hope it would respect Edge Cache, as it’s nice to have some control.

There’s also an origin header approach that might help:

Cloudflare-CDN-Cache-Control: max-age=24400

Okay, will give it a try. I have another problem with logins and logouts of APO. Its seems that it always gives max-control:0 which instructs browser that it SHOULD revalidate. This sometimes means that the user seems logged in even after logging out and vice versa. Only on specific page, because browser doesnt revalidate. I want to put no-cache but i have read that APO ignores all cache control already set by server and works with custom headers. What can I do to add no-cache.
Edit: I have added Cache-Control: no-cache,max-age:0, must-revalidate and the same issue occurs. And cf-apo-via: bypass cant be set through transform rules.

As stated here, the same happens whenever I have Cloudflare APO enabled. I have several problems with logins and cloudflare APO as I opened another thread on the forum. Could it be that APO only recognises certain login logout technique and not mine? But I doubt it because I use the default Wordpress mechanism for that.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.