nonce, caching and ajax oh my

  • I’m creating a plugin and I have a form that displays on the front end of the wp site and I use ajax to submit it back to the backend. I’m having an issue when using a caching plugin where the nonce is invalid because of the cached page being server.

    Are there any best practices to get around this short of not using a nonce?

    I have search and so far have not found anything.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Can any visitor use the form on the front end? I’m not an expert (so hopefully an expert corrects me if I’m wrong) but, if so, I believe the best you can do is validate/escape any input and sanitize any later output. Nonces are really only to protect users from being tricked into performing unwanted actions; if your taking information from the front end and storing it in the database I don’t think nonces are necessary.

    Thread Starter John Turner

    (@johnnytee)

    yes, when the nonce is valid it works. Only after the nonce expire and a cached version is displayed does it break.

    I do validate and escape the request so maybe Ill skip nonce on the front end.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘nonce, caching and ajax oh my’ is closed to new replies.