Articles in this section

See more

When Nginx caching is enabled with Plesk's default settings, all pages with a cookie is not be cached

Avatar
Julian Bonpland Mignaquy
Updated
Follow
Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk Onyx 17.8 for Linux
  • Plesk for Linux

Symptoms

When Nginx caching is enabled with default settings, all pages with a cookie (even _gid only) are not cached by default, the response header contains: x-cache-status: BYPASS

Cause

That is the expected behavior.
According to Plesk documentation:

PLESK_INFO: By default, nginx does not cache HTTP requests that contain the Cookie HTTP header. You can change this behavior and have nginx cache HTTP requests containing certain cookies by specifying the names of the cookies in the “Cache requests with cookies” field.

The caching for pages using cookies and/or user-specified parameters should be configured very carefully since it may compromise website security or lead to incorrect behavior of a web application, that is why this feature is disabled by default. The same logic applies to the default Nginx behavior as per Nginx documentation:

PLESK_INFO: It does not cache responses with ... Set-Cookie in the response header. You can override these defaults as described in the answers below.

Resolution

This behavior can be changed to make Nginx cache HTTP requests containing certain cookies by specifying the names of the cookies in the Cache requests with cookies field:

  1. Log into Plesk.

  2. Go to Domains > example.com > Apache and Nginx Settings.

  3. Specify required cookie names in the Cache requests with cookies field.

    For example, _ga and _gid cookie names are specified, Nginx will only cache HTTP requests with cookie headers that contain _ga or _gid.

    79199.png

Comments

4 comments

Sort by Date Votes
  • Avatar
    Edu MB

    Is there any way, to enable any cookies without having to write one by one?

    There are some pages that use session cookies, and these cookies are dynamic.

    0
    Comment actions Permalink
  • Avatar
    eamon

    needed to be improved

    0
    Comment actions Permalink
  • Avatar
    AbdulRaheem Alick

    This is not suitable for production environments at all. We use different analytics and solutions that always generate random cookie names. How are we supposed to put those. This defeats the whole reason for the caching at all.

    Like is the a way, Cache al requests except with certain cookies? The opposite of what is current available?

    0
    Comment actions Permalink
  • Avatar
    Jaka Prasnikar

    There should be a way to disable checking browser cookies. If I have pages where user has to be authorized (e.g. I set session) and then they go back where pages should be cached, nope cache bypass. Basically you cannot even force fastcgi cache for pages where you know you will not "SET" headers. I think there should be better control over this and NGINX should only bypass cache on pages that have explicit "SET-COOKIE" header. For everything else we should have control by either setting "cache-control" cookie or something like that from PHP. 

    It would be so easy to control nginx cache by just using headers "cache-control: no-cache, private" and/or "cache-control: max-age=315360000". How does a cookie check matter if I use php session cookie on /contact page to verify CSRF... 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles