INVALID NONCE: Unable to exclude UM login page in WPO Advanced settings

Resolved sigagan
(@sigagan)

5 years, 8 months ago

Hi,

Firstly, great plugin, it has helped me make my site faster and efficient.

I have been having issues with Invalid Nonce error on Ultimate member plugin Login page when using wp-Optimize cache. Once I purge and reload the server cache the error goes away(presumeably because the expired nonce is gone). The error comes back the next day until the cache is cleared.

I have tried below steps in isolation:
1) Scheduling the cache purge and preload(frequency set to cache lifespan) every 8 hours – This purged the entire cache but did not preload the entire cache and the issue persisted.
2) Excluded the Register, account, checkout and Login pages – When preloaded, the login page does not get cached which is desireable. But as soon as first human being logs in, it creates a cache entry for Login in wpo-cache folder. I have tried excluding /login/* and still no luck.

The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)

davidfh34
(@davidfh34)

5 years, 8 months ago

Hi, I have the same problem. This occurs since I upgraded to the version with minify, even if it is not active.
Marc Lacroix
(@marcusig)

5 years, 8 months ago
Hi @sigagan

To exclude the page from caching, you should use /login/ (without the *).
If subpages contain /login/ (e.g. /login/lost-password), then you should use
```
/login/
/login/*
```
I’m not sure why plugins use nonce fields on login forms, as they’re not necessary in this situation.

@davidfh34 Would you mind opening a new topic with a description of your issue?
If it’s an issue with “INVALID NONCE”, it won’t be new, as it’s a general page caching issue for which there isn’t an easy work around.

Marc.
Thread Starter sigagan
(@sigagan)

5 years, 8 months ago
Hi @marcusig,

Thanks for your response. I have excluded below pages in advanced settings.
/login/
/login/*

When I purge cache and then preload manually, the preload process does not create a login folder in wpocache. However, first human visit ends up creating the login folder. And therefore, INVALID NONCE issues persists. On the other hand, rest of the pages that I have excluded in wpo advanced setting do not get cached either by the preload process or by human visit.
Note, that I am using Ultimate Member plugin to manage user logins.
- This reply was modified 5 years, 8 months ago by sigagan.
davidfh34
(@davidfh34)

5 years, 8 months ago

Thanks @marcusig , I have disabled
/login
/login/*

both cached and minify JS. I am testing.

@sigagan check this link from Ultimate Member, they talk about disabling cache also on:

Account
Login
Password Reset
Register

https://wordpress.org/support/topic/invalid-nonce-cache-ultimate-member/
Thread Starter sigagan
(@sigagan)

5 years, 8 months ago
@davidfh34, I have tried that. But for some reason, wpocache exclusion is overriden for login page when first human visitor visits the login page. Other excluded pages do not get cached.

This is strange, because the preloader does not cache the login page.

The only way I am able to get around this is by manually purging cache.

@marcusig, please let me know if you need further info.

p.s. I am not using wpo-minify, as I am using Autoptimize.
- This reply was modified 5 years, 8 months ago by sigagan.
Marc Lacroix
(@marcusig)

5 years, 8 months ago

Hi @sigagan

Could you check that the settings are saved properly on the disk?
in wp-content/wpo-cache/config/config-www.stokai.com.php?

There should be a “cache_exception_urls” section with the excluded pages.

Thread Starter sigagan
(@sigagan)

5 years, 8 months ago

Thanks for your response @marcusig.

I checked the settings in that folder and found that the settings were being saved correctly. i.e. I can see the login URL there.

However, what I noticed was that there was another config file in that folder for my website – config-stokai.com.php. This file did not have the exclusions and was last modified more than 2 months ago, when I migrated my wp site.

So, I deleted that non-www config file. refreshed cache, and humanly accessed the login page. And the login folder was not created in the cache folder.

So far so good, I will check again in 12 hours, to see if this has resolved the issue. But looks promising.

It’s wordy, but I have put these details here, in case someone else has the same issue and comes across this page.