PHP user's session bug using Cache rules

Hi all,

I have a PHP website and having session issues when using strong cache rules (Cache Level: Cache Everything).

Am having issues in terms of how PHP handles Front-end users after login. Examples :

  • a user will see another username in login module (this other username comes from another logged in user at this moment)
  • Facebook login will not work often.

The parameters at Cloudflare was :


  • ‘Browser Cache Expiration’ to ‘1 year’

Rules :

  • Browser Integrity Check: On, Browser Cache TTL: an hour, Cache Level: Cache Everything, Edge Cache TTL: a month
  • To temporary sort out the issue, and the only way sessions works as expected is setting this rule on top:

Rules :

Cache Level: Bypass

But when adding this the overall caching will be disable i believe. Most of my files cache responses are coming as DYNAMIC.


Thank you for asking.

Unfortunately, from the Cloudflare docs, Cache Everything shouldn’t be used when you have login forms, cart, checkout and similar webpages.

Yes, that’s a “normal and expected behaviour” with the cache system, not just Cloudflare cach as far as every other caching system would cache the “logged-in” page or a “shopping cart” page from the “userA” as a .html file and serve it back to every other visitor/userB/userC for the next:

1 year as you selected … to the visitors which already have visited your website :confused:

The issue here is, normal users don’t know how to clear their web browser cache, therefore would have trouble using your website/web app.

Kindly, I’d suggest you to:

  1. Use Cache Level: Standard + Use Argo Smart Routing (paid) to speed-up “dynamic content” + Argo Tiered Cache (free)
  2. Or upgrade to a Business plan which offers us to use the Bypass Cache on cookie option
  3. Remove Page Rules (at least disable the one with Cache Everything) and click on the “Purge everything” button to clear all the caches at Cloudflare edge to prevent further issues for your visitors/user/customers.
1 Like

Ohh got it, I was going for strong cache because I use Load Balancing and it has to cache my website’s files, so it doesn’t have to request them from the origin on every user requests. Also cached files will be served from the users’ nearest datacenters.

Hm, you mean static files like CSS, JavaScript, images, fonts, etc.? :thinking:

Thankfully, that’s already cached “by default” using the Cache Level: Standard :wink:

Kindly, find more additional information which filetypes are cached “by default” using “Standard” mode at the link from below:

And using Page Rules, you can set for specific paths different cache values like Browser Cache TTL and Edge Cache TTL, or even make Cloudflare to respect the HTTP headers for the cache sent from your origin host/Server (configure on the server as you need, then just use the option Origin Cache Control: On).

Nevertheless, due to the PHP web app, may I share a quick tip with you: Tune-up your PHP values a bit at your server/hosting provider/cPanel if you can:

memory_limit = 256M
max_execution_time = 300
max_input_time = 1000
max_input_vars = 5000 or 7000
post_max_size = 64M
upload_max_filesize = 32M

If possible, install and use PHP OPCache.
If you are using PHP 8.0, you can use the benefits of the new JIT feature.
As far as I do not know which kind of app/framework are you using, if it has got an option to connect and levarage the CPU/disk work for your database, kindly use Redis or Memcached.
Related to the web server, again, without knowing which one, try to tune-up it’s configuration file for better performance gain.
In terms of a server, try to use the one with more vCores (if VPS) and SSD/NvME with good internet bandwidth.
And above the all, using Cloudflare provides you more benefits in terms of a security & optimization.

1 Like

Thanks brother. i have removed the cache everything rules and it’s not braking sessions. i will also consider all the tips and put them in practice i really appreciate.

Only thing is i been struggling on installing Argo Smart Routing on my server and can’t find a good tutorial.

1 Like

One and only the single click in the Cloudflare dashboard is needed :wink:
You can try it for a month and see how it goes.

There is no installation at the origin/server → you are not required and don’t have to use Cloudflare Tunnel (which requires installing cloudflared tunnel on a origin/server) to use Argo Smart Routing.

I really though that it was required to install cloudflared for the routing.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.