Problem with showing elements that are only visible to logged-in visitors (Wordpress)


#1

Hi, when enabling caching on my website by using a page rule, I start to have problems with a wordpress function I use (is_user_logged_in()).

I use this function to hide or show elements based on the logged-in status of my visitor. When a user logs in, these elements don’t detect the logged in status of the particular user (they are indeed logged in though). As if the pages don’t update after logging in. They don’t get to see the logged-in-only-elements.

I have tried disabling the caching on one page through the Page Rules and that seems to fix the problem on that one page.

How can I still enable caching on my website, but have this problem fixed?


#2

What does your initial page rule look like?


#3

Please see the attachment for my page rules.

I disabled caching on this page: https://www.supshare.nl/shop/snacks/savoury-pastries/

You can log in with username and password “cloudflare”. The header menu should change when you log in and the log in field should dissapear.

Now try the same here: https://www.supshare.nl/shop/uncategorized/vegan-sweet-potato-soup. On this page, where caching is enabled, it does not work the same way. Also, on the home page you’ll see the logged-out menu.

Thank you for your quick response.


#4

Well thats weird. Even it seems not to be the caching issue (i can’t verify this at the moment):

Disable rule 2, purge the cache and give it some time to propagate within the network. You might need to clear your browser cache as well.

Cache everything can reveal sensitive data especially when logi credentials are required. I did this with a Nextcloud test instance. Even i was logged out i was able to access the menu of a logged in user. No content was shown since thery are protected by their headers. But that could be dangerous on a misconfigured system.


#5

I have disabled rule 2 and now it does work as intended, but I’m not using any of Cloudflare’s caching advantages, right?.


#6

@ MarkMeyer

Any other steps I could take to fix this problem next to not using cache?


#7

Last bump


#8

Sorry. I lost track of my notifications, Too many the past days :joy:

You still take advantage of caching features. It’s just not everything being cached.
Scripts and other static content will be cached.

Cache everything is a cool feature but shouldn’t be used when a login comes in place. This could cause curious and serious issues.


#9

This topic was automatically closed after 31 days. New replies are no longer allowed.