cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GoDaddy caching pages that contain nonces for forms

I have a custom plugin I developed for a client with a managed WordPress account. It contains a form that does an ajax request to fetch some information based on the information in the form. To ensure I protect my client from cross-site forgery requests, I need wp_localize_script() to add a nonce to the page. My JavaScript then grabs this nonce out of the object and passes it to the PHP script.

HOWEVER, it appears this is a problem with GoDaddy's caching system as nonces expire after 12 hours. So 12 hours later, this feature no longer works because it's still providing the expired nonce to the script. A manual cache flush fixes this, but I can't expect my client to flush cache every 12 hours. Is there a way to prevent GoDaddy caching wp_localize_script()? I could also try wp_nonce_field() and see if maybe that stops the caching behaviour, but I doubt it.

The only solution I can see doing is to redirect all traffic to this page to append the query string ?nocache=1 which sounds sloppy and potentially problematic to me. Any other ideas?

2 REPLIES 2
Helper VI
Helper VI

Re: GoDaddy caching pages that contain nonces for forms

Hi @melissa_g, welcome to the community! Smiley Happy

 

Do you, by any chance have access to the GD Cache plugin?

If so, I'd do as follows:

  1. Take a look at the plugin and find where does it calls to clear cache
  2. In your plugin, add a check for if the plugin X exists, then clear cache. Then generate the nonce

I know it's not exactly what you're looking for, since they should not be cached in the first place, but could be a solution for particular issue.

 

Hope it helps!

 

 

If you find my replies helpful, give me a like or kudo Smiley Happy
And if I solved your issue, mark it as solution Smiley Very Happy

Re: GoDaddy caching pages that contain nonces for forms

Thanks! This actually gives me some ideas. 

If I can find the method to call in my code, I can set a cron job that runs every 12 hours and clears the cache for me. That way it's not happening on each page request. I'll look into that in the AM and see if that leads me anywhere.