When users login they can only add something to their cart if its not yet cached

Site: midcenturywarehouse.com

Recently I implemented a bunch of Page Rules that increased the amount of our site that was cached by CloudFlare because I was noticing the majority of our traffic was still being served by our origin server instead of CloudFlare. Implementing a series of Page Rules that EXCLUDED all of our account/login sections and the backend admin sections of the site as well as INCLUDING a main https://midcenturywarehouse.com/* as a lowest priority Page Rule after all of the exclusions definitely helped solve this issue and now much more of the site was now being served by CloudFlare instead of the origin server so our page load times noticibly increased.

That’s great, except now I have a different problem.

On our site, users have to log in to their account (or create an account if they don’t already have one) before they can add anything to their shopping cart.

Creating the account is no problem. But after the user is logged in, they are still unable to add anything to their shopping cart IF the item they’re looking at has already been cached.

If the item they’re looking at has NOT been cached, then yes, they can add it to their cart without any problem. The problem only appears when looking at an item’s page that has been cached, or looking at anything item displayed on the home page (which of course has all been served from cache)

You can easily tell when a user will and won’t be able to add an item to their cart based on the login button text in the upper right corner of the screen - if it says “Create An Account” they will NOT be able to add the item to their cart (since the cached version is showing even though they are logged in) and if it says “Logged In As [Customer Name]” then they WILL be able to add the item to their account.

So my question is… what else do I need to implement in Page Rules to be able to allow the logged in user to add anything they want to their account whether that item’s page has been cached yet or not???

Thank you,

Cache Everything Page Rules don’t work on login sites. If it’s WordPress, you’ll have to use APO from the Cloudflare Plugin and the Speed → Optimization page of the Cloudflare dashboard. Or a Business Plan. Either will let you Bypass Cache on Cookie. Just realize that once logged in, users will no longer receive the benefit of cached pages at Cloudflare because they’re viewing customized pages for their account.

Ok, it doesn’t look like WordPress. You can emulate the Business Plan’s “Bypass Cache On Cookie” feature with a Worker like this, but you’ll have to custom tailor the worker for your site’s cookie(s).

This site is PrestaShop not Wordpress.

But you’re saying that if I switch to a Business Account (something I was thinking about doing anyway due to being able to have our own SSL certificate uploaded) then I can specify this Bypass Cache on Cookie option right within my existing Page Rule of midcenturywarehouse.com/* ??

That’s not something I think is worth $200/month. Heck even on my Biz and Ent plans I don’t do that. Too much hassle to keep uploading, even it’s just 90 days…even if automated. Cloudflare does a much better job of making sure I have a valid cert at all times than I.

But, yes, it’d work something like this, but customized for your own cookies. This is actually my last rule. I have earlier rules to bypass cache for login and admin, plus longer cache durations for certain filetypes.

I was thinking that having an EV certificate uploaded would be a better option than sharing an IP pool with a bunch of unknown websites. Someone had told me this greatly increased their “trust” with various search engine rankings, despite Google swearing there is no such thing as “bad neighborhood IP pools” in its calculations.

Anyway, so you’re saying I just need to find out what my login cookie(s) are named and then do this OR use the Worker, which I haven’t looked into yet.

If I were able to post my cookie names, might I get some more precise help with those configurations?

Thank you.

These are not related.

Not likely. But if Biz plan is worth $200/month for other reasons, it’s sure nice to have.

You’d use those cookie names in the Biz Plan page rule OR the worker. They both work the same way.

If you look at the PMeenan script or the Biz Page Rule, you’ll see the cookies all work the same way: only the first part is needed. Wildcard at the end if it’s a Page Rule, or just truncate it it for the Worker.


Here is a list of cookies I was able to gather via my Developer tab in Firefox.

So I’m guessing for this to work best, I need to use PrestaShop-*

Any others you would recommend?


Ok, now I am using this as my last Page Rule after all the ones about specific URLs like admin login URLs as well as customer account URLs when they are logged in or creating an account.

By the way, our home page changes every 24 hours with a new set of randomized items so its always fresh to returning visitors so this is why I set the Edge Cache to 12 hours - maybe it should be 24 instead? Also I’m not sure if my Browser cache is the best.

That looks like a reasonable Page Rule. Hopefully that takes care of everything.

What seems to be happening now is that when I clear my cookies and then start browsing around the site as a fresh user, everything is fine until our popup comes up and so I click to get rid of it and then on the next page load is when I seem to get a cookie with the name PrestaShop-whatever - without even trying to log in to my account.

So this is defeating the purpose of the Bypass Cache on Cookie rule.

I went ahead and made my developers a screen video showing what I am talking about and correct me if I’m wrong, but we need to somehow rename the different cookies that get generated so I can tell the difference between them and single out the one that controls whether the user is logged in or not, right?

Because even after I log in, it seems like the same cookie from before is still there, which makes me seems like the login info is being stored in this initial cookie that gets created after the popup for some reason.

I’m not 100% sure on this, but this appears to be what is happening.

The popup probably sets a cookie so it doesn’t pop up again. Popups aren’t fun.