Title: ajax, invalid session
Last modified: October 11, 2018

---

# ajax, invalid session

 *  [manolime](https://wordpress.org/support/users/manolime/)
 * (@manolime)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/)
 * Hello everyone,
 * I am trying to load a ajax window in a page of my website for choosing products.
   This window can’t load and appears a red message “error, the session is invalid…”.
   In the log files there is an error 403 for post method. This happens only when
   there is not someone logged in. If he does works fine!
 * What is wrong, do you believe?
 * Manolis

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/#post-10773210)
 * AFAIK, any POST request requires being logged in. What POST request are you sending
   where you believe not being logged in is OK? I know Ajax, but what is the Ajax
   POST supposed to do?
 *  Thread Starter [manolime](https://wordpress.org/support/users/manolime/)
 * (@manolime)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/#post-10776849)
 * Hello,
 * thank you for your reply.
    The post method refers to loading a window with several
   products. it is a url like mydomain.com/mypage/?plugin=ajax which apperars in
   log files with error. TO boost my topic, do you believe that this has to do with
   cache or any other server systems?
 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/#post-10777856)
 * I don’t see why a HTTP POST request would be required to load a product window.
   Using Ajax GET method should suffice. POST is generally used when data in the
   DB needs to be updated, GET is used to show a user data that’s already there.
   That said, there are on occasion legitimate not logged in POST requests, such
   as requests to wp-cron.php to execute scheduled events. At least wp-cron.php 
   would normally execute despite not being logged in. Each type of call is unique
   and needs to be evaluated individually.
 * I’m pretty sure it’s WP throwing the errors, POSTs are not cached and the server
   itself doesn’t have a problem with POSTs, unless a specific rule in .htaccess
   blocks them for some reason. Do you have a security plugin? I could imagine one
   of those blocking POST requests if the user is not logged in, but then there 
   would be a whitelist to allow legitimate requests like those to wp-cron.php.
 *  Thread Starter [manolime](https://wordpress.org/support/users/manolime/)
 * (@manolime)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/#post-10782539)
 * Hello,
 * Thank you for your analysis.
    Well the only Post which the server dinies is the
   one I described above. For other cases work. From the other side I have read 
   that when there is different behavour of a site between logged in and not, this
   is a matter of cache system. I had installed several plugins for cache, for links
   etc, but trying to remove them and delete anything extra in htaccess, the overall
   site got blank pages. Except the post url above which is the only thing that 
   works now normal!! Personally I believe for this reason it has something to do
   with server system cache.
 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/#post-10785784)
 * It’s true that many caching schemes will not serve cached data if the user is
   logged in because they are typically altering content, but that would only apply
   to a WP specific cache. Server level caching doesn’t know about logged in users.
 * While caching schemes may cause one to see stale data, I don’t see caching schemes
   responding with 403 forbidden. That’s typically some sort of security at play,
   whether simple file permissions or the mod_security server module. However, caching
   can greatly confuse debugging of other issues because we keep seeing cached errors
   despite the bug having been fixed. It’s best to disable caching when debugging
   where possible. Otherwise we need to constantly flush the cache to ensure we 
   are seeing current data.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘ajax, invalid session’ is closed to new replies.

## Tags

 * [ajax](https://wordpress.org/support/topic-tag/ajax/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 5 replies
 * 2 participants
 * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/ajax-invalid-session-2/#post-10785784)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics