Jump to content

Firefox + Cloudflare guest caching = Cookie bar failure


Recommended Posts

I had a user report and can replicate this easily. I appears at least with the combination of Firefox (mobile and desktop) and Cloudflare with guest caching. 

  1. Visit site without stored cookies
  2. Cookie bar appears
  3. Click Accept or Reject
  4. Site shows an error (2S119/1) and URL changes to mysite.com/cookies/?do=cookieConsent

I guess it has something to do with the CSFR key being cached and used for multiple users, but I have no idea how to fix this without turning off guest caching altogether. 

Link to comment
Share on other sites

  • 1 month later...
1 hour ago, opentype said:

I still see the same behaviour in 4.7.13.

Have you tried the below?

37 minutes ago, Daddy said:

Alright, so I cleared cache + redis cache + cloudflare cache, and it seems to be working now on Edge and Chrome. I haven't tested Firefox.

 

Link to comment
Share on other sites

Yes. 

My Cloudflare cache rules look like this:

(not http.cookie contains "ips4_member_id" and not http.request.uri contains "journal" and not http.request.uri contains "store" and not http.request.uri contains "weekly/?rss" and not http.request.uri contains "rss/" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "admin" and not http.request.uri contains "modcp" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms")

 

Link to comment
Share on other sites

5 hours ago, opentype said:

Yes. 

My Cloudflare cache rules look like this:

(not http.cookie contains "ips4_member_id" and not http.request.uri contains "journal" and not http.request.uri contains "store" and not http.request.uri contains "weekly/?rss" and not http.request.uri contains "rss/" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "admin" and not http.request.uri contains "modcp" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms")

 

Here's mine for reference:

(not http.cookie contains "ips4_member_id" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "app" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms")
Edited by Daddy
Link to comment
Share on other sites

Those templates are fine. I can change the cache rules to exclude all /index.php URLs. That saves the cookies.

 

But I actually found another issue that happens independent of the browser and Cloudflare: When the cookies are accepted on the homepage, it doesn’t forward to the original page but stays at an empty page. I tested it on all my sites and it consistently happens on the ones who have the Discover Feeds as the homepage. 

Could contain: Page, Text, White Board, File

The browser URL looks like this and stays on this page:

…index.php?app=core&module=system&controller=cookies&do=cookieConsentToggle&ref=aHR0cHM6Ly9zaW5nLnNhbG9u&csrfKey=1303e7ac90e8001c72…

It doesn’t happen on my sites that have the Forums or Pages as the homepage. It also doesn’t happen for a specific subfeed like /discover/6, but only if I am on /. You can test this easily on my sites with the .guru and .salon domains. I keep Cloudlare page rules off for the time being.  

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...