Hello. I have a website https://varta.ua and I see a strange bug.
I enter the home page. On the top I see “Register” and “Login” links, I am unauthorized
I go to the login page and login
I got redirected back to the home page. The problem is that I still see “Login” and “Register” button in the header instead of “Hello username” text. I have a feeling that I didn’t get in and I am still unauthorized.
If I refresh the page - everything gets ok, I see that I am authorized in the header.
So, what’s hapenning? Users think their login was wrong, however it was ok, just the text on the header is cached and wrong.
If I look in headers I see:
cache-control: max-age=600
server: cloudflare
expires: now + 10 minutes
I don’t have any Cloudflare application installed. How can I disable that cache to prevent this bug? Thanks.
No, it doesn’t. Currently development mode is enabled.
My website is VARTA.UA . Please go and see headers. I see
cache-control: max-age=600
server: cloudflare
expires: now + 10 minutes
Where do you see that? There is no cache-control: max-age=600 in your main HTML page, and page is not being cached. It’s being served directly from your origin.
If there was a cache-control: max-age=600 earlier, it means that it either came from your server, or you added a page-rule with “cache everything” and “Edge cache TTL”. If you setup rules like that, it means you will cache html pages also.
If there is no cf-cache-status header, then CF is not the one doing the caching. Maybe your host has its own cache plugin or cache server in front of your server.
I see there is cache-control today, but clearly not yesterday from here at least (ref screenshot). That cache-control: max-age=600 is not coming from Cloudflare … There’s not even a setting in Cloudflare to “cache for 10 minutes” (600 seconds), and Cloudflare will never cache html documents anyway, unless you have a “Cache everything” catch-all page rule. Also, you said you already tried “development mode” and the header was still there … “development mode” means that Cloudflare won’t do anything at all, and just passes on from your origin.
This header is from your server or a cms plugin. You can try to uncheck the orange cloud in DNS settings to entirely bypass Cloudflare.