litespeedtech/magento2-LiteSpeed_LiteMage

Wrong customer data received from section/load controller, data should not be cached

Closed this issue · 6 comments

magento 2.4.4
litespeed/module-litemage 2.1.9

We have an issue with customer data caching when it's not required.
This results in wrong customer data being loaded and several issues; for example, minicart items are from another cached customer.
force_new_section_timestamp param doesn't help.
Controller contains no cache headers, but that doesn't affect litemage.
vendor/magento/module-customer/Controller/Section/Load.php

        $resultJson = $this->resultJsonFactory->create();
        $resultJson->setHeader('Cache-Control', 'max-age=0, must-revalidate, no-cache, no-store', true);
        $resultJson->setHeader('Pragma', 'no-cache', true);
        try {
            $sectionNames = $this->getRequest()->getParam('sections');
            $sectionNames = $sectionNames ? array_unique(\explode(',', $sectionNames)) : null;

            $forceNewSectionTimestamp = $this->getRequest()->getParam('force_new_section_timestamp');
            if ('false' === $forceNewSectionTimestamp) {
                $forceNewSectionTimestamp = false;
            }
            $response = $this->sectionPool->getSectionsData($sectionNames, (bool)$forceNewSectionTimestamp);
        } catch (\Exception $e) {
            $resultJson->setStatusHeader(
                \Laminas\Http\Response::STATUS_CODE_400,
                \Laminas\Http\AbstractMessage::VERSION_11,
                'Bad Request'
            );
            $response = ['message' => $this->escaper->escapeHtml($e->getMessage())];
        }

        return $resultJson->setData($response);

Url:

site.com/de/customer/section/load/?sections=customer,compare-products,last-ordered-items,cart,directory-data,captcha,instant-purchase,loggedAsCustomer,persistent,review,wishlist,faq,ammessages,recently_viewed_product,recently_compared_product,product_data_storage,paypal-billing-agreement,messages&force_new_section_timestamp=false&_=1669296765171&test=1

First response headers:
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 14:44:20 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
set-cookie: PHPSESSID=tmdpj9eq3s9kc8f0guarr84d52; expires=Thu, 24-Nov-2022 15:44:20 GMT; Max-Age=3600; path=/; domain=stage.amorana.ch; HttpOnly; SameSite=Lax; secure
set-cookie: form_key=CCX4LEDQqpDizeHJ; expires=Thu, 24-Nov-2022 15:44:20 GMT; Max-Age=3600; path=/; domain=stage.amorana.ch; SameSite=Lax; secure
set-cookie: X-Magento-Vary=9bf9a599123e6402b85cde67144717a08b817412; expires=Thu, 24-Nov-2022 15:44:20 GMT; Max-Age=3600; path=/; secure; HttpOnly; SameSite=Lax
expires: Fri, 25 Nov 2022 14:44:20 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-litemage-debug-cc:
x-litemage-debug-tag:
x-litemage-debug-info: ajax with random string
x-litemage-debug-vary: customer_group=1&customer_logged_in=1
x-ua-compatible: IE=edge
etag: W/"966-1669301060;;;"
x-lsadc-cache: miss
x-turbo-charged-by: LiteSpeed
x-robots-tag: noindex, nofollow
content-encoding: br
cache-control: s-maxage=10
X-Firefox-Spdy: h2

Second response headers:
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 14:44:22 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
expires: Fri, 25 Nov 2022 14:44:20 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-litemage-debug-cc:
x-litemage-debug-tag:
x-litemage-debug-info: ajax with random string
x-litemage-debug-vary: customer_group=1&customer_logged_in=1
x-ua-compatible: IE=edge
etag: W/"966-1669301060;;;"
x-lsadc-cache: hit
x-turbo-charged-by: LiteSpeed
x-robots-tag: noindex, nofollow
content-encoding: br
X-Firefox-Spdy: h2

Correct data can be loaded only with a unique GET param to avoid caching.

This header "x-litemage-debug-info: ajax with random string" means it's not cacheable. If you purge all first and you can still reproduce this, please create a ticket for this.

Hi @litespeedtech I have the same issue. Any update on this issue?

On the litemage side, it did not claim cacheable. Not sure how it gets cached. Please join our slack and DM me @litespeed.lauren.

@quochuy1508
We fixed this in
vendor/magento/module-customer/Controller/Section/Load.php
by adding X-Litespeed-Cache-Control header

--- Controller/Section/Load.php
+++ Controller/Section/Load.php
@@ -67,6 +67,7 @@
         $resultJson = $this->resultJsonFactory->create();
         $resultJson->setHeader('Cache-Control', 'max-age=0, must-revalidate, no-cache, no-store', true);
         $resultJson->setHeader('Pragma', 'no-cache', true);
+        $resultJson->setHeader('X-Litespeed-Cache-Control', 'no-cache', true);
         try {
             $sectionNames = $this->getRequest()->getParam('sections');
             $sectionNames = $sectionNames ? array_unique(\explode(',', $sectionNames)) : null;
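
Review bot: the added `X-Litespeed-Cache-Control` setHeader line is applied to a file that the comment above places under vendor/magento/module-customer, so the fix is lost the next time Composer reinstalls or updates that package. Carry it as a Composer patch or set the header from an after-plugin on this controller's execute() instead of editing the vendor file in place. The placement before the `try` is right, since the header then also covers the 400 response built in the catch branch.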

For litespeed server product, if no 'X-Litespeed-Cache-Control' header exists, it should be treated as no-cache. Are you using lsws or adc? We need to check if it's a server bug or server config issue.

The initial example in the response has this line
cache-control: s-maxage=10
This caused trouble: where there's no 'X-Litespeed-Cache-Control' header, LiteSpeed server will respect the regular cache-control header. Not sure what plugin inserted that header. In the latest v2.2 release, we explicitly set the "X-Litespeed-Cache-Control: no-cache" header; this should be resolved.
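
As an added example (not code from the module or from any participant in this thread), the following Python script audits captured response headers for the condition the last comment describes: no X-Litespeed-Cache-Control header together with a regular Cache-Control that carries a positive shared TTL. The fallback rule is a simplified model of that comment; the function names, finding codes and the PATCHED sample are constructed, and FIRST and SECOND are abridged from the captures above.

```python
# Added example: header audit for a per-customer endpoint such as
# customer/section/load. The cache rule is a simplified model of this thread.
OPT_OUT = {"no-cache", "no-store", "private"}

def parse_headers(raw):
    """'name: value' lines -> {lowercased name: [values]}; status line skipped."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def directives(values):
    """Cache-Control style header values -> {directive: argument or None}."""
    out = {}
    for part in ",".join(values).split(","):
        key, _, arg = part.strip().partition("=")
        if key:
            out[key.lower()] = arg.strip('"') or None
    return out

def audit(raw):
    """Return finding codes for one captured response."""
    h = parse_headers(raw)
    cc = directives(h.get("cache-control", []))
    ls = directives(h.get("x-litespeed-cache-control", []))
    if ls:   # assumption: the LiteSpeed-specific header governs when present
        shared = "public" in ls
    else:    # otherwise the regular Cache-Control header is respected
        ttl = cc.get("s-maxage") or cc.get("max-age") or "0"
        shared = not (OPT_OUT & cc.keys()) and ttl.isdigit() and int(ttl) > 0
    findings = []
    if shared:
        findings.append("SHARED_TTL")
        if "set-cookie" in h:   # session cookie on a response a shared cache may store
            findings.append("COOKIE_ON_CACHEABLE")
    if "hit" in (v.lower() for v in h.get("x-lsadc-cache", [])):
        findings.append("CACHE_HIT")
    return findings

# Abridged from the two captures in the issue (cookie value redacted).
FIRST = """set-cookie: PHPSESSID=REDACTED; path=/; HttpOnly
pragma: no-cache
x-lsadc-cache: miss
cache-control: s-maxage=10"""
SECOND = "pragma: no-cache\nx-lsadc-cache: hit"
# Constructed: what the endpoint would send with the controller's headers intact.
PATCHED = """cache-control: max-age=0, must-revalidate, no-cache, no-store
x-litespeed-cache-control: no-cache
x-lsadc-cache: miss"""
```

Note that `pragma: no-cache` is present in both failing captures and plays no part in the result.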