W3TC and Ajaxize getting the dreaded "-1" again.

  • Resolved joshuaiz

    (@joshuaiz)


    9 years, 11 months ago

    This is for a different site than I originally posted about regarding Ajaxize returning “-1” instead of the Ajaxized content. That problem was fixed by increasing the garbage collection frequency.

    Unfortunately I am running into this again on another site but it is only happening with W3 Total Cache and only on Windows machines. The problem occurs even after W3TC is first instantiated or just after the page cache has been cleared so this can’t have anything to do with the garbage collection frequency.Depending on the Windows version, a page refresh fixed it but not always.

    I know nothing about crsf tokens so I have no idea if this is related to that or something else. At least on this particular site, W3TC is quite a bit faster than WPSC so I would prefer to use W3TC. The problem does not occur at all with WPSC.

    Any ideas?

    https://wordpress.org/plugins/ajaxize/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author yoav.aner

    (@yoavaner)

    9 years, 11 months ago

    Thanks for the detailed report!

    I’ve come across this as well, but it’s tricky to reproduce exactly in order to try to resolve. I’m away on holiday at the moment, so not sure when I’ll have time to address this.

    I’m guessing the caching that W3TC applies makes some browsers cache the page longer than necessary, which invalidates the CSRF value. Why it happens only/mostly on Windows/W3TC is an interesting question.

    I might remove the CSRF protection entirely, but it’s not the ideal solution for security reasons (although this extra ‘security’ is something debatable since most functions exposed by ajaxize are harmless or not applying any changes, and also parameters are limited making it a difficult targets for attacks anyway).

    Alternatively, there might be a more optimal cache settings that avoids this problem, but I haven’t found it. I believe that CSRF tokens expire after 12 or 24 hours. Setting the page to refresh the cache more frequently could resolve this in theory. If you are able to experiment with some cache settings, you might be able to help.

    Otherwise I’ll try to take a closer look, but unfortunately I can’t promise exactly when.

    vertex-polygon

    (@vertex-polygon)

    9 years, 10 months ago

    Hi,
    Same problem here.
    I use W3 Total Cache and today I have the “-1” on Firefox(Linux), Opera(Linux) and others web browsers under Android. So for the moment I have reduced the garbage and wait.

    Plugin Author yoav.aner

    (@yoavaner)

    9 years, 9 months ago

    Can anyone try with the latest W3 Total Cache version? Also worth trying to make sure either the browser caching is disabled in W3TC, or that at least the “Expires header lifetime:” is set to 3600 seconds.

    Plugin Author yoav.aner

    (@yoavaner)

    9 years, 5 months ago

    I’ve released version 1.4.1 which has an option to disable Ajax Referer Check. This should resolve those -1 issues I believe. Please try and let me know.

    Thread Starter joshuaiz

    (@joshuaiz)

    9 years, 5 months ago

    Thanks for this. Just updated and will let you know if I run into any issues.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘W3TC and Ajaxize getting the dreaded "-1" again.’ is closed to new replies.