I have a site that the logged in state only exists on my account, cart and checkout pages. I think this is because the other pages are getting cached. I’ve tried adding a cookie bypass rule with no success. I have confirmed that is it Cloudflare by adding the native IP address to my hosts file, and sure enough, login state on all pages. Here is my page rule:
Are you using APO? Since Cloudflare doesn’t cache pages, you shouldn’t have to bypass cache for anything. And if you are using APO, it should already bypass cache for those cookies.
I’ll try to take a closer look when I get home later.