• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.
  • Chevereto Support CLST

    Support response

    Support checklist

Which cookies should not be cached for Chevereto?

matrax

matrax

Chevereto Member
Hello,

I'll set up my own cache for Chevereto. But I need cookies list for that. I don't want to use the cache for logged in users. Which cookies should be excluded?

For example, WordPress uses below cookies for logged in users:

NGINX: 
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in"

Or caching solution is not good idea?
 
Last edited:
I really don't understand your question. Cookies are stored in the client side, why the sever should cache a cookie?

Maybe you are talking about session variables?
 
like Rodolfo said, all cookies upon login is always stored on client's own browser end. Cookies are never stored on the server end. So then you cannot cache any cookies, if it's stored on server end then risks is that some 1 can exploit and hijack those cookies and log in as admin user, so, therefore, cookies are stored on client end instead of server end to prevent this from happening.
 
Rodolfo said:
I really don't understand your question. Cookies are stored in the client side, why the sever should cache a cookie?

Maybe you are talking about session variables?
Click to expand...
JakeSully said:
like Rodolfo said, all cookies upon login is always stored on client's own browser end. Cookies are never stored on the server end. So then you cannot cache any cookies, if it's stored on server end then risks is that some 1 can exploit and hijack those cookies and log in as admin user, so, therefore, cookies are stored on client end instead of server end to prevent this from happening.
Click to expand...

Thank you for replies. I just wanted to implement the Nginx FastCGI cache. It is a strong server-side caching solution. So pages like login, user page, etc should be excluded from the cache. Also, I don't want to use the cache for logged in users. That's why I want excluding cookies.

For example, I'm using NGINX FastCGI cache on my WordPress blog. And below NGINX rules are working well in order to exclude cache for logged in users and admins:

[CODE lang="nginx" title="Cache"]# First of all, Cache everything!
set $skip_cache 0;


# POST requests and urls with a query string should always go to PHP

if ($request_method = POST) {

set $skip_cache 1;

}

if ($query_string != "") {

set $skip_cache 1;

}



# Don't cache uris containing the following segments

if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {

set $skip_cache 1;

}



# Don't use the cache for logged in users or recent commenters

if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {

set $skip_cache 1;

}[/CODE]
 
If I can implement Nginx FastCGI solution for Chevereto thanks to you, I'll share a how-to cache Chevereto in NGINX guide in here.
 
You must log in or register to reply here.
Back
Top