We have a system where we pass a nonce from a PHP-script on the server to an AJAX-call running client-side, and then back again to check the validity of the request.
This nonce is cached, and we can't figure out how to exclude it. We had cache time set to 10 hours but have since reduced it to 8 hours.
But let's say the nonce is renewed at 12 AM and the cache is renewed at 10 AM, we still have six hours of the nonce not working even with 8 hours cache.
How do we fix this?
We have a system where we pass a nonce from a PHP-script on the server to an AJAX-call running client-side, and then back again to check the validity of the request.
This nonce is cached, and we can't figure out how to exclude it. We had cache time set to 10 hours but have since reduced it to 8 hours.
But let's say the nonce is renewed at 12 AM and the cache is renewed at 10 AM, we still have six hours of the nonce not working even with 8 hours cache.
How do we fix this?
Share Improve this question asked Jun 15, 2020 at 7:49 TASanTASan 421 silver badge9 bronze badges 3- Sorry if it's an obvious answer, but it sounds like you shouldnt' be caching the Ajax/API call. So is your question how to prevent caching for a specific URL? Do you know what's caching it? Is it the browser, or do you have a caching plugin or CDN or anything else that might be doing the caching? – mozboz Commented Jun 15, 2020 at 10:13
- @mozboz - It's the plugin WP Rocket. It does not cache AJAX-calls by default, but the nonce generated is still cached. We can prevent caching for the specific URL, but then we'll stop caching all product pages in a pretty huge store, so that won't be a solution sadly. I'll look more into the AJAX-part because it sounds like this shouldn't get cached. – TASan Commented Jun 15, 2020 at 10:34
- Yes, the AJAX request should have its own URL that needs to be not cached, which is different to the page that request loads in. Sorry if I'm stating the obvious. – mozboz Commented Jun 15, 2020 at 10:40
1 Answer
Reset to default 0Find the specific AJAX call URL and prevent that being cached with the WP-Rocket advanced rules settings. https://docs.wp-rocket.me/article/54-exclude-pages-from-the-cache.
As per your comment, you need a strategy for not having the nonce in a file that can be cached such as javascript files, so as you said, use PHP to generate the nonce and pass it outside of the javascript file.