Andrews.com is now for sale - Learn More!

CloudFlare Tip: Cache Everything Except Member/Logged-In Content

cloudflare1I’ll assume you’re here because you’ve figured out that you can use CloudFlare to pretty much Digg-proof your site.

To do this, you simply set up a CloudFlare page rule to cache everything on the front end of your site.

After that’s set up, your web pages (the html, not just the images, css and js files) will be cached. When your article suddenly gets thousands of hits in the span of a couple of minutes, CloudFlare should take over and do the heavy lifting, so your site doesn’t crash.

Ah, but after setting up that page rule, you discovered why CloudFlare doesn’t do this by default. There are unexpected consequences, and resolving them can get pretty tricky.

Non-members getting logged-in member content

The biggest issue I ran into was that CloudFlare would cache a page when a logged-in member of my site was visiting it.

Since the user is logged-in, the page includes a nice little welcome… by name.  The log-in/log-out link says ‘log out’. And… since I’m using WordPress and have the admin toolbar available to my members on the front end of the site, the member-only toolbar appears.

So a casual reader comes along, visits the cached page, and it looks like they are logged-in, under a username they don’t recognize, and they see the (non-usable) admin bar.

This leads to confusion and exposes the previous logged-in user’s username to… whoever.

Not good.

I spent about two months trying to figure this out. Went back and forth with CloudFlare customer service, who didn’t have a working solution… until I happened upon just the right customer service rep. He had an easy fix.


 “I would recommend setting the private cache header when users are logged in: 

Cache-Control: private, max-age=3600

This will ensure that CloudFlare does not cache the authenticated content.”


So, in my WordPress theme’s header.php file, at the top, I did this:


//recommended by cloudflare for logged in users
if ( is_user_logged_in() ) {
header(‘Cache-Control: private, max-age=3600’);
}


It works! And if you are comfortable with php, you can do this same. If you aren’t, get some help.

Wish I had gotten this answer when I first asked CloudFlare for help. Apparently some reps know more about this stuff than others.

Opps… another complication crops up though…

Logged-in members getting non-logged-in pages

This is the opposite problem.

A non-logged in visitor goes to a page, it gets cached.

Then a logged in user visits the page, and they get the cached, non-logged-in, version of the page.

They are really logged-in, but it – looks – like they aren’t.  They see the “log in here” link. They don’t see the “Welcome (username)”. They don’t see the WordPress admin toolbar.

There’s not a good solution for this problem, short of buying one of CloudFlare’s $5000+ per month Enterprise plans. That was CloudFlare’s recommendation when I asked them about this issue.

I did find a bad solution. I made a CloudFlare page rule to bypass urls that include ‘cache=n’. Then I jumped through all sorts of hoops to append ‘?cache=n’ to most of the internal urls on my site when a user is logged in. It’s a messy and problem riddled solution, but it kind of works… most of the time.

Here’s where we need CloudFlare to step in and help us out though.

They have some incredibly smart, well paid, cache-savvy techs over there. I’m sure they could come up with a good solution that could be offered at the Pro ($20) level, if not the free version.

What we need is a graceful way for logged-in users to bypass the cache. A way we can signal to the CloudFlare servers that this visitor is logged-in and should get a live version of the page, while everyone else gets the cached copy.

Maybe through a cookie we can set for logged in users? Maybe free/Pro/Business accounts could have one ‘cookie rule’ for bypassing the cache?

They could even tell us a specific cookie name/value to use for this purpose. Then we could set it when a user logs-in and unset it (if desired) when they log-out.

If you are stuck on the same problem – help me bump this up CloudFlare’s priority list.

You can send them a note at [email protected] or contact them online and point them to this story. Let them know you are having the same problem and need a way for your logged-in users to bypass the cache so they always get a live version.

The more they hear from us, the more likely we are to get a solution.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Experts Wanted!

I'm looking for a few great writers!

Experts in the following topics are wanted:

- Tech
- Smartphones
- Tablets
- HDTVs
- Gaming
- iStuff, Macs
- Apps & More!

- Entertainment
- Movies
- Music
- TV Shows
- Streaming Services

- And More!
- Fashion
- Pet Products
- Cars
- Insurance
- Health Products
- Food & Grocery
- Restaurants
- Specific Stores
- Deals & Sales
- Social Sites
- ... and more!

Click on the link below for more info: