Login popup can’t be loaded on cached pages

  • Resolved Mirco Babini

    (@mirkolofio)


    1 year, 6 months ago

    This happens when the nonce expires.

    action: stm_lms_load_modal
    modal: login
    nonce: 42d8d558ec

    That’s the request which runs when you click on the Login button to open the modal. If that nonce is expired but you are on a cached page, that nonce is still used but it fails load that ajax. Then the login popup is not loaded too. Then the customer is going to contact the customer support to ask what’s going on.

    This is frequently happening when you have a long lasting cache on some pages or when the nonce expiration datetime is just after a recent cache cleanup. Then, it forces you to manually cleanup the cache once again every time a customer contacts the customer support.

    Please, remove that nonce for the modal loading.

    • This topic was modified 1 year, 6 months ago by Mirco Babini.
Viewing 3 replies - 1 through 3 (of 3 total)

  • Hello, @mirkolofio

    The nonce is a security token that is used to prevent unauthorized access to certain actions or data in the plugin.

    If the nonce expires, it can cause issues with loading certain features of the plugin, such as the login popup. This can happen if there is a long-lasting cache on some pages, or if the nonce expiration datetime is just after a recent cache cleanup.

    To fix this issue, the suggestion is to remove the nonce for the modal loading. However, I would not recommend removing the nonce as it is an important security feature that helps protect your website and plugin from unauthorized access.

    Instead, you can try clearing the cache on the affected pages or adjusting the nonce expiration settings in the caching plugin options directly.

    Best regards.

    Thread Starter Mirco Babini

    (@mirkolofio)

    That makes sense but doesn’t solve the issue. You are still placing a nonce verification into an action which does not require a nonce verification at all.

    I perfectly understand the implications of an unsafe ajax request, but that’s just an ajax to load an html form. The nonce verification must be in the following step (the login data submission).

    Also, it’s not possible to act the way you suggested: we placed the Login button in the header of the website, then it’s in every single page of the site. It’s not a matter of which page is cached or not.

    Also, the nonces validity is 12-24 hours but there’s NO alignment with the cache. Even if I refresh the cache every hour at 00, still there are some minutes in which the nonce will not work (from when the nonce expires, to the next 00).

    Then, this is not a solution at all.

    Hi, @mirkolofio

    Thanks for your feedback. We will pass your comment to the development department and if this case is valid, your correction will be applied in future updates.

    Best regards.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Login popup can’t be loaded on cached pages’ is closed to new replies.