Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
litespeed_wiki:cache:common:logged-in-cookie-conflicts [2017/06/01 18:22] Lisa Clarke [The Solution] |
litespeed_wiki:cache:common:logged-in-cookie-conflicts [2020/11/14 15:25] Lisa Clarke Redirect to new Documentation Site |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Managing Logged-In Cookie Conflicts ====== | + | ~~REDIRECT>https://docs.litespeedtech.com/lscache/troubleshoot/~~ |
| - | Login Vary Cookie conflicts can pop up when you have multiple web applications with [[litespeed_wiki:cache#litespeed_cache_plugins_by_application|LSCache plugins]] enabled on the same document root, with one app being served from a subdirectory of another (as in ''<nowiki>www.example.com/</nowiki>'' and ''<nowiki>www.example.com/app2/</nowiki>''). This can happen with distinct web applications, or multiple installations of the same app (e.g. two copies of WordPress). | + | |
| - | + | ||
| - | ===== The Problem ===== | + | |
| - | Of particular concern is the ''_lscache_vary'' cookie, which is the default in every LSCache plugin, and indicates the logged-in status of a user. As such, it is in control of what version of a page (logged in or not logged in) is served. | + | |
| - | + | ||
| - | **Example**: Wordpress at ''<nowiki>www.example.com/</nowiki>'' and XenForo at ''<nowiki>www.example.com/forum/</nowiki>''. | + | |
| - | + | ||
| - | As far as the browser is concerned, both the blog and the forum are //the same website// because the forum is actually a subdirectory of the blog. When the browser visits either one of those addresses, it will use the cookies for ''<nowiki>www.example.com/</nowiki>''. Even though the forum is an entirely separate application, to the browser it looks simply like a part of the blog. | + | |
| - | + | ||
| - | Here's how this situation presents itself: A user logs into WordPress, and the ''_lscache_vary'' cookie is set to indicate that they are logged in. This same user then visits XenForo as a non-logged-in user and hits the backend. Since the user is not logged in, LSCache caches the request, but the logged-in ''_lscache_vary'' cookie is still set. This causes future users logged-in to XenForo to get a "cache hit" on this page and be served the non-logged-in version of the page. | + | |
| - | + | ||
| - | ===== The Solution ===== | + | |
| - | To differentiate users logged into WordPress from users logged into XenForo, you need to change the names of the login vary cookies. Each application under the same root needs a uniquely-named cookie. You can manually modify ''.htaccess'' to address this issue, or you can go through the plugin interfaces. | + | |
| - | + | ||
| - | ==== Modifying .htaccess Manually ==== | + | |
| - | + | ||
| - | For each application, add the following rewrite rule to the ''.htaccess'' file under the application’s root directory, after ''RewriteBase'' and before all rules using the ''[L]'' flag. | + | |
| - | + | ||
| - | <code> | + | |
| - | RewriteRule .? - [E=Cache-Vary:_my_custom_vary] | + | |
| - | </code> | + | |
| - | + | ||
| - | ''_my_custom_vary'' is the cookie name that will now be used by that application. | + | |
| - | + | ||
| - | For example, in the above scenario, the WordPress ''.htaccess'' file may have something like: | + | |
| - | + | ||
| - | <code> | + | |
| - | RewriteRule .? - [E=Cache-Vary:_my_vary_EXAMPLE_wordpress] | + | |
| - | </code> | + | |
| - | + | ||
| - | And the XenForo .htaccess file might have: | + | |
| - | <code> | + | |
| - | RewriteRule .? - [E=Cache-Vary:_my_vary_EXAMPLE_xenforo] | + | |
| - | </code> | + | |
| - | + | ||
| - | ==== Modifying within a plugin ==== | + | |
| - | + | ||
| - | For each application, visit the LiteSpeed Cache admin area and modify the **Login Cookie**. | + | |
| - | + | ||
| - | === In WordPress === | + | |
| - | The login cookie can be modified in the WP-Admin panel. Navigate to **LiteSpeed Cache -> Settings -> Advanced**, as depicted below: | + | |
| - | {{ :litespeed_wiki:cache:wordpress_login_cookie.png?direct&700 |}} | + | |
| - | + | ||
| - | Changing the cookie name here will also change it in the rewrite rules. | + | |
| - | + | ||
| - | === In XenForo === | + | |
| - | The XenForo plugin will not modify the rewrite rules directly. In the XenForo admin panel, navigate to **Home -> LiteSpeed Cache -> Settings**, as depicted below: | + | |
| - | + | ||
| - | {{ :litespeed_wiki:cache:xenforo_login_cookie.png?direct&700 |}} | + | |
| - | + | ||
| - | After saving, a notification will appear. The notification will instruct you further on what to add to the rewrite rules, like so: | + | |
| - | + | ||
| - | {{ :litespeed_wiki:cache:xenforo_rules.png?direct&700 |}} | + | |
| - | + | ||
| - | After adding the rules, it can be verified in the **LiteSpeed Cache Management** screen: | + | |
| - | + | ||
| - | {{ :litespeed_wiki:cache:xenforo_verify.png?direct&700 |}} | + | |
| - | + | ||
| - | If the changes are correct, it will output the following: | + | |
| - | + | ||
| - | {{ :litespeed_wiki:cache:xenforo_verified.png?direct&700 |}} | + | |
| - | + | ||