Logged in and out of Wordpress Website

Hi there,

I am having an issue of getting logged in and out of my WordPress website when I navigate around the site.
For example, I will login to my homepage, https://www.homemixers.com/ and when I navigate to Home Mixers - Shipping & Delivery I stay logged in but when I navigate back to https://www.homemixers.com/ I am now logged out.
If I was to navigate back to Home Mixers - Shipping & Delivery I am now logged in again. This login and logout issue is happening across my website and I think it is an SSL issue but I am not sure how to rectify this issue.

Any help is greatly appreciated.

It seems to me that your site is using cookies that APO doesn’t recognize, so it’s showing a cached page even though you’re logged in. I suggest that you open a ticket and post the ticket here. @yevgen usually checks on these during the work week.

FYI the site in question is not using APO.

3 Likes

Hi guys,

Sorry the for the late response. I disabled cloudflare which fixed the currency issue (logging in and out of session as navigating pages) but the site is now noticeably slower so I re-enabled cloudflare but the problem persists.
What do you mean by APO?

APO is a Cloudflare feature to cache WordPress pages. I thought I saw APO headers when I tested the site.

Do you have any Page Rules set? It looks like Cloudflare is trying to cache, but max-age is set to 0.

I have three page rules set;

  1. homemixers.com/

Cache Level: Cache Everything

  1. http://homemixers.com/
    Always Use HTTPS

www.homemixers.com/*

  1. Forwarding URL (Status Code: 301 - Permanent Redirect, Url: https://homemixers.com/$1)

I have just turned the above rules off and resumed Cloudflare but the issue persists. Do I need to create a cache rule increasing max age above 0?

There are a few issues:

  1. You’re setting Cache Everything, and that doesn’t work well for sites that use logins. I’m quite sure this is the cause of your issue. Turn that rule off and I bet you won’t have login/logout problems.
  2. Because you have a Page Rule that matches everything (*example.com/*), no other rule will trigger because you’ve already matched the first condition.

Typically, I have the ‘www’ forwarder as #1. I don’t use an Always Use HTTPS rule because I already set that in SSL/TLS → Edge Certificates.

2 Likes

Cookies. Maybe missing something at WordPress? Kindly, check below my approach with this.

Maybe it is the Web browser?

May I ask is your WordPress install on www or non-www?
Furthermore, is it installed on HTTP or HTTPS?

As @sdayman already stated, could be regarding a cache if using some Page Rule at Cloudflare dashboard, or maybe, I hope you are running Full SSL (Strict)? Or else, having Really Simple SSL plugin just in case?

Maybe out of scope, but maybe it can help to reslove the issue while being logged in, then got back to homepage and I saw it as “not logged user”. Then I had to either start “developer console” and hit F5 (refresh button), then the admin bar would appear and the cookie would obviously be loaded.

  • I thought it has to be something with the cached / non-cached version at Web browser
    as I have had few issues with my Nginx and cookies while using WordPress over HTTPS and www.

From above mentioned, I usually have this approach:

  1. Full SSL (Strict) + Always Use HTTPS + Automatic HTTPS Rewrites enabled at Cloudflare dashboard
  2. Really Simple SSL plugin installed
  3. WordPress wp-config.php file has got the define('FORCE_SSL_ADMIN', true); added
  4. WordPress wp-config.php file has got the define('COOKIE_DOMAIN', 'www.mydomain.com'); added
  5. WordPress is installed on www and HTTPS (home_url, blog_url) and my web server (Nginx) is doing non-www to www redirection (including HTTP to HTTPS)
  6. And later on, I use W3 Total Cache with few Page Rules, one of them is with the Cache Everything option
  7. All works good so far

Hi fritevvz,

  1. Have changed the settings as advised.

  2. I have simple SSL installed and active.

  3. define(‘FORCE_SSL_ADMIN’, true); is active

  4. I cannot find define(‘COOKIE_DOMAIN’, in the file.

  5. How can I check this? Sorry i’m still learning

  6. I have WP Rocket active

  7. I think the point that I have an issue with is number 4 and 5, can you please advise how I can check these two?

Thanks for your help

Hi Sdayman,

I have tested disabling all the rules but it hasnt fixed the problem.
I also have always use HTTPS under edge certificates ticked.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.