Fixing the Cloudflare Full Page Cache for Ghost Member Logins

Fixing the Cloudflare Full Page Cache for Ghost Member Logins
Fixing the Cloudflare Full Page Cache for Ghost Member Logins

Initially, everything seemed to be running smoothly until I tested logging into my blog as a member. That's when I noticed an issue with session caching. Although not a critical problem, it appeared that every visitor to my site was being treated as a logged-in member, preventing them from actually logging in because the cached page appeared they were already authenticated.

To investigate further, I temporarily disabled the Cloudflare Proxy for my domain. This allowed me to inspect the cookies being set when users log in. I found that the relevant cookies were "ghost-members-ssr.sig" and "ghost-members-ssr".

To resolve the issue, I made sure to check for the presence of these cookies. If a user has these cookies, we bypass the cache and serve the content directly from the origin server. This way, cached pages no longer include authenticated user sessions, eliminating the incorrect perception that all visitors are logged in as members.

đŸ’¡
(http.request.uri contains "/ghost/") or (starts_with(http.request.uri, "https://myghostwebsite.com/p/")) or (starts_with(http.request.uri, "https://myghostwebsite.com/admin")) or (starts_with(http.request.full_uri, "https://myghostwebsite.com/#/portal/")) or (starts_with(http.request.full_uri, "https://myghostwebsite.com/members/")) or (http.cookie eq "ghost-members-ssr.sig") or (http.cookie eq "ghost-members-ssr")

It seems to be working well so far. While it may not be absolutely necessary to check for both cookies, I wanted to ensure I covered all bases. By verifying the presence of both "ghost-members-ssr.sig" and "ghost-members-ssr" cookies, I can account for scenarios where one of the cookies might be missing or get deleted unexpectedly. This redundancy helps maintain the integrity of the authentication system and prevents caching of logged-in user sessions, even if one of the cookies is absent or invalid due to factors like user actions, browser extensions, or conflicting settings.

Web Traffic Stats (Previous 7 days)

I am quite pleased with this setup so far! đŸ˜„

Read more