Applicable to:
- Plesk Onyx 17.8 for Linux
- Plesk for Linux
Symptoms
When Nginx caching is enabled with default settings, pages requested with any cookie (even _gid only) are not cached, and the response header contains: x-cache-status: BYPASS
Cause
That is the expected behavior.
According to Plesk documentation:
"By default, nginx does not cache HTTP requests that contain the Cookie HTTP header. You can change this behavior and have nginx cache HTTP requests containing certain cookies by specifying the names of the cookies in the “Cache requests with cookies” field."
Caching for pages that use cookies and/or user-specified parameters should be configured very carefully, since it may compromise website security or lead to incorrect behavior of a web application. That is why this feature is disabled by default. The same logic applies to the default Nginx behavior, as per Nginx documentation:
"It does not cache responses with ... Set-Cookie in the response header. You can override these defaults as described in the answers below."
Resolution
This behavior can be changed so that Nginx caches HTTP requests containing certain cookies, by specifying the names of the cookies in the Cache requests with cookies field:
- Go to Domains > example.com > Apache and Nginx Settings.
- Specify the required cookie names in the Cache requests with cookies field.
For example, if the _ga and _gid cookie names are specified, Nginx will only cache HTTP requests with cookie headers that contain _ga or _gid.
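An added example, not part of the Plesk article or Plesk's own code: a Python model of the allow-list check that also flags list entries that look like session cookies, since caching requests that carry them is how one visitor's page can be served to another. It assumes a request is bypassed when any cookie outside the list is present; the SESSION_PATTERNS heuristics and the sample headers are constructed.

```python
import re

# Heuristic patterns for cookies that usually identify a user or session
# (constructed for this example; extend them for your own applications).
SESSION_PATTERNS = [r"sess", r"^sid$", r"auth", r"token", r"logged_in", r"^jwt"]


def cookie_names(cookie_header):
    """Return the cookie names found in a raw Cookie request header."""
    names = []
    for pair in cookie_header.split(";"):
        name = pair.split("=", 1)[0].strip()
        if name:
            names.append(name)
    return names


def cache_decision(cookie_header, allowed):
    """Model the allow-list (assumed semantics): BYPASS if any cookie is unlisted."""
    unlisted = [n for n in cookie_names(cookie_header) if n not in allowed]
    if unlisted:
        return "BYPASS", unlisted
    return "CACHEABLE", []


def risky_entries(allowed):
    """Flag allow-list entries that look like session or auth cookies."""
    return sorted(
        n for n in allowed
        if any(re.search(p, n, re.IGNORECASE) for p in SESSION_PATTERNS)
    )


if __name__ == "__main__":
    allowed = {"_ga", "_gid"}
    # Constructed sample Cookie headers.
    samples = [
        "",
        "_gid=GA1.2.111.222",
        "_ga=GA1.2.333.444; _gid=GA1.2.111.222",
        "_ga=GA1.2.333.444; PHPSESSID=abc123",
    ]
    for header in samples:
        print(repr(header), cache_decision(header, allowed))
    # A session cookie on the list is the misconfiguration to catch in review.
    print("risky:", risky_entries(allowed | {"PHPSESSID"}))
```

Run risky_entries over the contents of the Cache requests with cookies field before saving it; any name it returns should be removed unless the pages behind it are identical for every visitor.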
Comments
This is not suitable for production environments at all. We use different analytics and solutions that always generate random cookie names. How are we supposed to put those? This defeats the whole reason for the caching at all.
Like, is there a way to cache all requests except those with certain cookies? The opposite of what is currently available?
There should be a way to disable checking browser cookies. If I have pages where the user has to be authorized (e.g. I set a session) and then they go back to where pages should be cached, nope, cache bypass. Basically you cannot even force fastcgi cache for pages where you know you will not "SET" headers. I think there should be better control over this and NGINX should only bypass cache on pages that have an explicit "SET-COOKIE" header. For everything else we should have control by either setting a "cache-control" cookie or something like that from PHP.
It would be so easy to control nginx cache by just using headers "cache-control: no-cache, private" and/or "cache-control: max-age=315360000". How does a cookie check matter if I use php session cookie on /contact page to verify CSRF...
needed to be improved
Is there any way to enable any cookies without having to write them one by one?
There are some pages that use session cookies, and these cookies are dynamic.