Set-Cookie header bypass caches #1029
Comments
Deciding whether cookies allow a cache bypass is the responsibility of your cache configuration, not, say, the auth module. You should be able to set it up there.
Can we get back to this? While it's the responsibility of the cache configuration to decide whether cookies allow a cache bypass, in this case the issue seems to be that the auth module sets the following cookie for every response even if there is no user to authenticate. It should set auth strategy cookie once along the
(I'm using local strategy).
Feel free to log an issue for "cookie should not be set if the user isn't logged in" -- that's a separate issue from this one
With cookie-based authentication, the header `Set-Cookie` is in the response headers on every SSR page.

```
Set-Cookie auth.strategy=laravelSanctum; Path=/
```

Even pages that don't need authentication.
Why is it a problem?
Because this header `Set-Cookie` is special, it bypasses all caches, like Nginx cache or Varnish cache (doc links below). Consequences are higher response time and it's quite bad for SEO.
Is it possible to add a config option to disable the header `Set-Cookie` on SSR pages only?
Docs:
Nginx : https://www.nginx.com/blog/nginx-caching-guide/
Varnish : https://varnish-cache.org/docs/3.0/tutorial/cookies.html
And thanks for this module 👍
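Added example, not code from the auth module or from anyone in this thread: a JavaScript model of the rule a cache in front of the SSR server needs once it is told to look past `Set-Cookie`, as the maintainer's reply suggests doing in the cache configuration. It shares a page only when neither the request nor the response carries a cookie other than the `auth.strategy` marker, because a stored response that sets a session cookie would be replayed to every later visitor. The allowlist, the `cacheDecision` function and the `session_id` cookie name are assumptions made for illustration.

```javascript
// Assumption: only the strategy marker shown in this issue is non-sensitive.
// Every other cookie is treated as per-user state.
const HARMLESS_COOKIES = new Set(['auth.strategy']);

// Cookie name from one Set-Cookie value ("name=value; Path=/; ...").
function setCookieName(value) {
  return value.split(';')[0].split('=')[0].trim();
}

// Cookie names from a request Cookie header ("a=1; b=2").
function requestCookieNames(cookieHeader) {
  return (cookieHeader || '')
    .split(';')
    .map((pair) => pair.split('=')[0].trim())
    .filter(Boolean);
}

// req: { method, cookie }   res: { status, setCookie: string[] }
// Returns { store, stripSetCookie, reason }.
function cacheDecision(req, res) {
  if (req.method !== 'GET' || res.status !== 200) {
    return { store: false, stripSetCookie: false, reason: 'not a cacheable GET/200' };
  }
  const personal = requestCookieNames(req.cookie).filter((n) => !HARMLESS_COOKIES.has(n));
  if (personal.length > 0) {
    return { store: false, stripSetCookie: false, reason: 'request carries user cookies' };
  }
  const sensitive = res.setCookie.map(setCookieName).filter((n) => !HARMLESS_COOKIES.has(n));
  if (sensitive.length > 0) {
    // Storing this would hand one visitor's cookie to everyone else.
    return { store: false, stripSetCookie: false, reason: 'response sets user cookies' };
  }
  // Only the marker cookie (or none): drop it and share the page.
  return { store: true, stripSetCookie: res.setCookie.length > 0, reason: 'anonymous page' };
}

// Constructed sample traffic, not captured from a real deployment.
const samples = [
  [{ method: 'GET', cookie: '' }, { status: 200, setCookie: ['auth.strategy=laravelSanctum; Path=/'] }],
  [{ method: 'GET', cookie: 'auth.strategy=laravelSanctum; session_id=abc' }, { status: 200, setCookie: [] }],
  [{ method: 'GET', cookie: '' }, { status: 200, setCookie: ['session_id=abc; Path=/; HttpOnly'] }],
];
for (const [req, res] of samples) console.log(cacheDecision(req, res));
```
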