WooCommerce customer login: Litespeed Cache with ESI

Hey

I have encountered an issue that looked very much like a random bug, until after a long investigation work i figured out a relatively simple path to replicate the issue. The conditions for the bug are litespeed with ESI activated on a woocommerce site (i have updated to litespeed plugin latest version v6.3, no change).

Here is the simplest path I could find to replicate the issue:

• start from a fresh browser state (significant, the bug seems to lie at the intersection between nonces and cookies).
• go to the woocommerce shop, select a product and add to cart
• from cart or minicart, remove the product (which clears the woocommerce session)
• go then to the woocommerce account login page

at this point, any attempt to login will fail (w/o even processing the credentials; my interpretation is that the woocommerce login nonce is off, and there is a shortcut in how woocommerce handes the form that short circuit when the nonce is off; i cannot prove it since this is on a test site where i cannot debug as easily as on localhost).

When clearing the browser state (clearing all cookies), and going directly to the woocommerce login page, the login form works again as expected.

Now when deactivating ESI, the same path works well, so this appears related to the ESI support. Activating the litespeed debug logs show that LS seems to do something clever with (a subset of) the nonces, and in particular it processes the woocommerce login nonce. This is a bit unexpected since the woocommerce account page is (correctly) detected as non cacheable, so I am not clear why ESI are still playing with the contents the page.

I don’t think there is anything specific to the website i am developing that would explain this behaviour, but it is difficult to say for sure (eg the template for the login page is slighlty custom, but the important bits are copied from woocommerce code).

Can you please kindly advise?

The page I need help with: [log in to see the link]