Invalid nonce

Hi @converted,

invalid nonce message indicates that the nonce submitted with the rating was not valid. This typically happens if you cache your pages for more than 24 hours as WordPress nonces are valid for 24 hours. Check you cache settings and make sure that cache gets cleared at least every 24 hours.

Regards,
Blaz

I didn’t have such problems with the previous 2.x version, so keep that in mind.

Hello,

“invalid nonce” message appeared again how to exclude it from lite speed cache?

You should do the option to exclude your plugin from cache.

• This reply was modified 5 years, 1 month ago by converted.

You can’t just exclude one plugin from cache. Contact LiteSpeed cache support and ask them how to set the plugin so that the cache gets cleared every 24 hours. That’s vital with WordPress as nonces are valid for 24 hours and if you utilize page caching they get cached. Hence, no plugin that utilizes nonces will work on the website. And most plugins that handle some kind of front-end submission (rating, contact forms etc.) utilize nonces.

Regards,
Blaz

I found out from the litespeed cache support to add this shortcut [esi ratemypost ttl = “0”] to all my pages, I did it manually by inserting this shortcut for each page with your rating.

But how to do it for all my posts if I chose the option “Add rating widget to all posts” ? Where in the code should I inject this shortcut ?

• This reply was modified 5 years, 1 month ago by converted.

The automatic option utilizes the_content filter and not shortcodes, so that is not possible. Nevertheless, excluding the rating widgets from cache is not the right way to go about this. The problem is nonce which is printed to html pages using wp_localize_script function. Hence, even if you exclude the “rating widgets from cache”, you will still be getting invalid nonce error. If anything, you should exclude nonce from cache. The right (and probably easier) way is to ensure that page cache is cleared at least every 24 hours.

Regards,
Blaz

• This reply was modified 5 years, 1 month ago by Blaz K..

My cache is cleared every 7-14 days on CDN Cloudflare, 24 hours cache is too short for me.

Hmm, but what exactly are you caching with Cloudflare? By default Cloudflare caches only static resources which is not a problem. The problem is page cache which doesn’t clear for more than 24 hours. This means that nonce is not up-to-date after 24 hours and is thus not valid.

Blaz

I have the same exact problem.

I’m using Cloudflare (4 hours expiration) and WP Rocket (10 hours regeneration of cache).

What should I do?

Thanks.

I’ve uninstalled this plugin and all problems are gone.

Hi @emarketmedia,

as described above this issue is most often caused if a page is cached for more than 24 hours. Now, it can be tricky to figure out what component of your website/server is caching pages for more than 24 hours. Therefore, the best way to debug this would be to disable plugins one by one and trying if the invalid nonce error is gone. If it’s not then you’ll know that the error is connected to server(s) – origin or Cloudflare. Cloudflare could be a problem if you are caching static html with it as described here (https://support.cloudflare.com/hc/en-us/articles/236166048-Caching-Static-HTML-with-WordPress-WooCommerce). In this case TTL should be set lower, for example to 12 hours.

Regards,
Blaz

Cloudflare is set on 4 hours and WP-Rocket is set on 10 hours. Also in past I was using another rating plugin without any problem

• This reply was modified 4 years, 11 months ago by emarketmedia.

If you don’t want to change the cache time. You can change the nonce expiration time with this filter.
add_filter( 'nonce_life', function () { return 7 * DAY_IN_SECONDS; } );

It would make the nonce less useful than it already is.

• This reply was modified 4 years, 9 months ago by ctrlaltdelete.