EdgeRules: Bypass Cache Using a Cookie

With StackPath, it is possible to bypass cache based on a Cookie and/or Cookie and value.

When the cookie filter is matched, caching is disabled and the request will pass through the CDN to the origin as a no-cache no-store response.

Use Cases

E-Commerce sites:

E-Commerce sites are dynamic in nature and many pages are dynamically updated based on user actions, new products are being added, and prices change frequently which means the site will display differently based on if a user is signed into the site versus a guest. (for example, logged-in users have their account details displayed which we don’t want to cache).

Bypassing CDN cache for these types of pages will ensure users receive the most updated content. By using this feature, the CDN will not cache personal information or specific shopping cart details, etc.

Using the “Bypass Cache on Cookie” is a simple solution that does not require any development time. Most of these sites will have a specific cookie that can be used to create the relevant rules.

WordPress sites:

StackPath excludes any URL containing /wp-admin/ from CDN cache by default, however some sites' admin pages may be using custom URLs (/admin/ and /abc123/ are a few examples).

Bypassing cache for these admin pages ensures that the WordPress admin bar is displayed for administrative users only.

Wordpress uses different cookies to identify admin logged in users such as:

1. On login, WordPress uses the wordpress_[hash] cookie to store authentication details (limited to the /wp-admin/ area).
2. After login, WordPress sets the wordpress_logged_in_[hash] cookie. This indicates when you’re logged in and who you are.

There are many other examples for the need to customize the caching behavior and bypass cache, using the “bypass cache on cookie” EdgeRule will reduce complexity and can be implemented and deployed in less than a minute.

Finding Your Site's Cookies

Follow the steps below to find the cookies used by your site.

Chrome

1. Log in and navigate to an admin page of your website.
2. Right click the page, then select Inspect.
3. Click the Application tab.
4. Click Cookies to expand the drop-down list.
5. Selecting your domain will reveal your site's cookies.

Firefox

1. Log in and navigate to an admin page of your website.
2. Right click the page, then select Inspect.
3. Click the Storage tab.
4. Click Cookies to expand the drop-down list.
5. Selecting your domain will reveal your site's cookies.

Safari

1. Open the browser, select the Safari drop-down menu from the menu bar, click Preferences, and then select the Advanced tab. At the bottom of the window, mark Show Develop menu in menu bar.
2. Log in and navigate to an admin page of your website.
3. Right click the page, then select Inspect Element.
4. Click the Storage tab.
5. Click Cookies to expand the drop-down list.
6. Selecting your domain will reveal your site's cookies.

Using EdgeRules to bypass cache on Cookie

1. Navigate to Sites > CDN site > EdgeRules. Select Add Delivery Rule.
   
2. Create the following rule:
   IF   Cookie   Matches   wp*=1
   THEN   Bypass Cache

The value can take the following form, multiple cookies can be separated by “,”

<name_pattern> - trigger if name found

Value	Description	Match Examples	Non-Matching Examples
*	match if any cookies exist	Cookie: foo=bar	<no cookies at all>
wp*	match any cookies with a name starting with "wp"	Cookie: wp-value=1; id=123	Cookie: foo=bar
wp*,dv*	match any cookies with a name starting with "wp" or "dv"	Cookie: dv=1; id=123 Cookie: wp=1; id=123	Cookie: fake-wp-value=1; id=123 <no cookies at all>

 

!<name_pattern> - trigger if name not found

Value	Description	Match Examples	Non-Matching Examples
!*	match if no cookies exist	<no cookies at all>	Cookie: foo=bar
!wp*	match when there is no cookie with a name starting with "wp"	Cookie: fake-wp-value=1; id=123 <no cookies at all>	Cookie: type=foo; wp-value=123; id=123
!wp*,!dv*	match when there are no cookies with a name starting with "wp" and "dv"	Cookie: fake-wp-value=1; id=123 <no cookies at all>	Cookie: wp-value=1; id=123 Cookie: dva=1; id=123

 

<name_pattern>=<value_pattern> - match only if name found AND value matches

Value	Description	Match Examples	Non-Matching Examples
wp=1	Match if the cookie name is wp and value is 1	Cookie: wp=1	Cookie: wp=2 Cookie: fake-wp=1
wp*=1	match any cookies with a name starting with "wp" and with a value of 1	Cookie: wp-value=1; id=123 Cookie: wp-any=1; id=123	Cookie: wp-value=2; id=123 Cookie: wp-any=text; id=123 <no cookies at all>
wp*=1,wp*=2	match any cookies with a name starting with "wp" and with a value of 1 or 2	Cookie: wp-value=2; id=123 Cookie: wp-other=1; id=123	Cookie: wp-value=3; id=123 <no cookies at all>
wp*=1,dv*=2	match any cookies with a name starting with "wp" with a value of 1 or cookies with a name starting with "dv" with value 2	Cookie: wp-value=2; id=123 Cookie: dva=1; id=123	Cookie: wp-value=3; id=123 <no cookies at all>

 

<name_pattern>!=<value_pattern> - match if name found AND value doesn't match

Value	Description	Match Examples	Non-Matching Examples
wp*!=1	match any cookies with a name starting with "wp" and with value not equal to 1 (must contain a cookie with a name starting with "wp" to match)	Cookie: wp-value=123; id=123	Cookie: wp-value=1; id=123 Cookie: id=123 <no cookies at all>
wp*!=1,wp*!=2	match any cookies with a name starting with "wp" and with value not equal to 1 or 2 (must contain a cookie with a name starting with "wp" to match)	Cookie: wp-value=123; id=123	Cookie: wp-value=1; id=123 Cookie: id=123 <no cookies at all>
wp*!=1,dv*!=2	match when contains cookies with a name starting with "wp" and with value not 1 and cookies with name starting with "dv" and value not 2 (must contain cookies with name starting with "wp" and "dv" to match)	Cookie: wp-value=123; dv=other; id=123	Cookie: wp-value=3; id=123 Cookie: wp=3 <no cookies at all>

 

!<name_pattern>=<value_pattern> - match if name not found OR name found and value doesn't match

Value	Description	Match Examples	Non-Matching Examples
!wp*=1	match any cookies with a name starting with "wp" and with value not equal to 1	Cookie: wp-value=123; id=123 Cookie: id=123 <no cookies at all>	Cookie: wp-value=1; id=123
!wp*=1,!dv*=2	match when contains cookies with a name starting with "wp" do not have value 1 and cookies with a name starting with "dv" do not have value 2	Cookie: wp-value=123; id=123 Cookie: id=123 <no cookies at all> Cookie: wp-value=2; id=123 Cookie: dva=2; id=123

Bypass Cache via the API

To learn more about getting started with the StackPath API, check out our guides and interactive reference.

The same bypass-cache EdgeRules can be created via the API. Below is an example EdgeRule for a WordPress and Woocommerce site.

Create Custom EdgeRule on Scope

REQUEST

METHOD: POST

Endpoint: https://gateway.stackpath.com/cdn/v1/stacks/{stack_id}/sites/{site_id}/scopes/{scope_id}/rules

Request Body:

{
  "name":"bypass wordpress cache",
  "slug":"bypass-wordpress-cache",
  "configuration": {
    "bypassCache": [
      {
        "enabled":true,
        "methodFilter":"*",
        "pathFilter":"*",
        "headerFilter":"*",
        "cookieFilter":"wp-*,wordpress*,comment_*,woocommerce_*"
      }
    ]
  }
}

The purpose of the above rule is to bypass the cache when common WordPress cookies are present:

1. wp-*: Matches all cookies which begin with "wp-", e.g. wp-settings
2. wordpress*: Matches all cookies which begin with "wordpress", e.g. wordpress_logged_in
3. comment_*: Matches all cookies which begin with "comment_", e.g. comment_author_email
4. woocommerce_*: Matches all cookies which begin with "woocommerce", e.g. woocommerce_items_in_cart

Test EdgeRule

You can test this rule by running a curl/request against your site to test:

1. curl -ILk https://domain.com/path_to_static_file.css -A "Chrome"
2. curl -ILk https://domain.com/path_to_static_file.css -A "Chrome" -H "cookie:woocommerce_items_in_cart=1"

The first example curl should return an x-hw header ending in .c, indicating that the asset was cached. You may need to run it a second time if the asset is not in cache for your first request.

The second example curl should return an x-hw header ending in .p, indicating that the asset was proxied.