- Forum
- Main Forum
- English Section
- Word Press
- WordPress Product Pages Returning PHPSESSID and No-Cache Headers Behind Cloudfla
WordPress Product Pages Returning PHPSESSID and No-Cache Headers Behind Cloudfla
- infogate
-
Συντάκτης θέματος
- Αποσυνδεμένος
- Administrator
-
- Imagination is the beginning of creation
23 Ώρες 20 Λεπτά πριν #336
από infogate
The best possible way to start your online marketing : fspirits.com/go/leadsleap-home
Explode Your Web Site Traffice: fspirits.com/go/sparktraffic
Start your affiliate journey here: fspirits.com/go/olsp-academy
Best Solution To Create Videos: fspirits.com/go/create-studio-pro
Best Solution To Create Graphics: fspirits.com/go/clickdesigns
Smart Chat Automation: fspirits.com/go/chatterpal
Multi-Purpose Video Maker: fspirits.com/go/avatar-builder
Multi-Purpose Video Creator: fspirits.com/go/video-creator
AI Human Spokesperson Videos: fspirits.com/go/humanpal
WordPress Product Pages Returning PHPSESSID and No-Cache Headers Behind Cloudfla δημιουργήθηκε από infogate
I recently discovered an issue on one of my WordPress/WooCommerce product pages where Cloudflare was always showing the page as dynamic and not cache-friendly.The page itself was loading correctly and returned, so it was not a direct SEO blocking issue. However, the headers showed that something in WordPress was starting a PHP session for normal public visitors.The problematic headers looked like this:
The result was:
Why This Is a ProblemThe page was accessible, so Google and normal visitors could still reach it.However, thecookie was being created even for public visitors. Once PHP starts a session, it often sends no-cache headers like:
This makes Cloudflare and other caching systems treat the page as dynamic. As a result, WooCommerce product pages may not be cached properly, which can hurt performance.This is not necessarily an indexing problem, but it is definitely a performance and cache optimization issue.First SEO CheckBefore assuming the page is blocked, I tested it with normal curl, Googlebot user agent, and browser user agent:
All returned:
So the page was not blocked for visitors or Googlebot.Finding the Plugin That Started the SessionFrom the WordPress root directory, I searched forinside plugins and themes:
This revealed the main suspect:
There were other results from WooCommerce, W3 Total Cache, Health Check, and Social Auto Poster, but those were not necessarily starting sessions globally. The strongest suspect was the plugin file that started a session very early on.The original code looked like this:
The Problem With This CodeThe function was hooked towith priority, so it was running very early.Also, when the plugin option was set to, it could start a PHP session even for normal public visitors.That meant every product page could get acookie and no-cache headers.The Safer FixFirst, I created a backup:
Then I replaced the original session function with this safer version:
What This Fix DoesThis version allows sessions only when they are more likely to be needed:
This prevents normal visitors and bots from receiving unnecessarycookies.Important: Restart PHP-FPM / Clear OPcacheAfter editing the file, the headers did not change immediately. The old code was probably still loaded by OPcache/PHP-FPM.On my server, the site was using PHP 8.3, so I restarted:
If you are not sure which PHP-FPM service your server uses, check with:
Depending on the server, the service may be something like:
Final TestAfter restarting PHP-FPM, I tested again:
The result no longer included:
Only this remained:
This means the session/no-cache problem was fixed.Cloudflare may still showdepending on WooCommerce, W3 Total Cache, and Cloudflare cache rules, but the important part is that WordPress is no longer forcing a session cookie and no-cache headers for public visitors.ConclusionThe issue was not Cloudflare itself.Cloudflare was only showing that the page was dynamic because WordPress/PHP was sending session and no-cache headers.The real cause was a plugin starting PHP sessions globally on public pages.After limitingto admin or logged-in frontend users only, the unwantedcookie disappeared and the product page became much more cache-friendly.This is an important thing to check if your WordPress or WooCommerce pages show:
A simplesearch insideandcan quickly reveal which plugin is starting PHP sessions unnecessarily.
HTTP/2 200curl -I https://example.com/product/my-product/ | grep -i "http\|cache\|cookie\|cf-cache"HTTP/2 200
set-cookie: PHPSESSID=xxxxxxxxxxxx; path=/
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMICPHPSESSIDcache-control: no-store, no-cache, must-revalidate
pragma: no-cachecurl -I https://example.com/product/my-product/
curl -A "Googlebot" -I https://example.com/product/my-product/
curl -A "Mozilla/5.0" -I https://example.com/product/my-product/HTTP/2 200session_startcd /home/USER/public_html
grep -R "session_start" wp-content/plugins wp-content/themes -nwp-content/plugins/ap-plugin-scripteo/lib/functions.php:8: session_start();initadd_action('init', 'bsaStartSession', 1);
function bsaStartSession()
{
if ( !session_id() && !headers_sent() && get_option('bsa_pro_plugin_editable') == 'backend' ||
!session_id() && !headers_sent() && get_option('bsa_pro_plugin_editable') == 'frontend' ) {
session_start();
}
}init1frontendPHPSESSIDcp wp-content/plugins/ap-plugin-scripteo/lib/functions.php wp-content/plugins/ap-plugin-scripteo/lib/functions.php.bakadd_action('init', 'bsaStartSession', 1);
function bsaStartSession()
{
if ( headers_sent() || session_id() ) {
return;
}
$editable = get_option('bsa_pro_plugin_editable');
if ( is_admin() && $editable === 'backend' ) {
session_start();
return;
}
if ( is_user_logged_in() && $editable === 'frontend' ) {
session_start();
return;
}
}Backend editing: session can start inside wp-admin
Frontend editing: session can start only for logged-in users
Normal public visitors: no PHP session
Googlebot: no PHP session
Cloudflare cache: better chance to workPHPSESSIDsystemctl restart php-fpm83systemctl list-units --type=service | grep -i phpsystemctl restart php-fpm82
systemctl restart php-fpm83
systemctl restart php-fpm74curl -I https://example.com/product/my-product/ | grep -i "http\|cache\|cookie\|cf-cache"set-cookie: PHPSESSID=...
cache-control: no-store, no-cache, must-revalidate
pragma: no-cacheHTTP/2 200
cf-cache-status: DYNAMICDYNAMICsession_start()PHPSESSIDset-cookie: PHPSESSID
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMICgrepwp-content/pluginswp-content/themesThe best possible way to start your online marketing : fspirits.com/go/leadsleap-home
Explode Your Web Site Traffice: fspirits.com/go/sparktraffic
Start your affiliate journey here: fspirits.com/go/olsp-academy
Best Solution To Create Videos: fspirits.com/go/create-studio-pro
Best Solution To Create Graphics: fspirits.com/go/clickdesigns
Smart Chat Automation: fspirits.com/go/chatterpal
Multi-Purpose Video Maker: fspirits.com/go/avatar-builder
Multi-Purpose Video Creator: fspirits.com/go/video-creator
AI Human Spokesperson Videos: fspirits.com/go/humanpal
Παρακαλούμε Σύνδεση ή Δημιουργία λογαριασμού για να συμμετάσχετε στη συζήτηση.
- Forum
- Main Forum
- English Section
- Word Press
- WordPress Product Pages Returning PHPSESSID and No-Cache Headers Behind Cloudfla
Χρόνος δημιουργίας σελίδας: 0.100 δευτερόλεπτα