Caching isnot working correctly while accessing password protected post(s)

[Mai-Saad]

Before submitting an issue please check that you’ve completed the following steps:

• Made sure you’re on the latest version => 3.10.9
• Used the search feature to ensure that the bug hasn’t been reported before

Describe the bug Accessing any page after accessing pw protected page will result in disabled caching for this page if opened within the same browser window

To Reproduce Precondition:

• Having password protected post/page

Steps to reproduce the behavior:

1. Visit the PW protected post/page incognito
2. Enter the PW and save
3. Open any other normal page in a new tab within the same window
4. Check the source => page is not cached

Expected behavior Caching is applied on other pages than PW protected pages

Screenshots https://user-images.githubusercontent.com/76941962/157243842-5b5b9722-1cc4-4972-b6a5-7925f2ec32da.mp4

Additional context

• Clear browser cookies then access normal pages, will be cached normally

Backlog Grooming (for WP Media dev team use only)

• [ ] Reproduce the problem
• [ ] Identify the root cause
• [ ] Scope a solution
• [ ] Estimate the effort

[mroesele]

Hi Mai,

you opened this ticket two years ago. Have you already found a solution to this problem?

Yesterday I also stumbled across that behavior. Whenever you enter a password on any password protected page, WordPress will save a cookie named wp-postpass_* and wp rocket will then fail to deliver cached pages throughout the website.

So it looks like WP Rocket will stop working as soon as the wp-postpass_ cookie is present in a client browser.

I suspect that this condition in .htaccess is causing or at least contributing to this behavior:

RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_.+|**wp-postpass_**|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]

that line in htaccess is being generated in htaccess.php by calling the get_rocket_cache_reject_cookies() function https://github.com/wp-media/wp-rocket/blob/develop/inc/functions/options.php#L284

WP Rocket delivers cached pages again after manually removing this cookie. However, I was not able to stop that behavior by manually removing wp-postpass_ from the htaccess condition.

I would like to see a solution to this problem. I've already submitted a request with the support form on the wp rocket website, let's see what happens.

[mroesele]

To anyone who's experiencing the same problem (using wordpress built in password protected pages prevents wp rocket cache for anyone who enters a password).

I just noticed that you can filter the $cookies array with the help of rocket_cache_rejectcookies. So here's a quick fix to remove wp-postpass from the list of "all cookie names we don't cache."

add this code to the function.php of your (child) theme and change something in wp rocket config or deactivate & activate wp rocket plugin to force generating a new htaccess file.

    /*
    *  Make WP Rocket keep doing its job even if wp-postpass_ cookie is present
    * 
    *  warning: please make sure to manually set "never cache this page" for password protected pages.
    *  failing to do so might result in bypassing the password protection
    */
    add_filter( 'rocket_cache_reject_cookies', 'wp_rocket_ignore_postpass_cookie' );
    function wp_rocket_ignore_postpass_cookie( $cookies ) {
      foreach ( $cookies as $i => $cookie ) {
        if ( $cookie == 'wp-postpass_' ) {
          unset( $cookies[ $i ] );
        }
      }
      return array_values( $cookies );
    }

Just remember to set "never cache this page" for any password protected page and you should be fine.

The result is that any not password protected page will still be delivered really fast by wp rocket and any password protected page will not be cached.