From a865a13940bb863553878cad0a1580f51ecbb022 Mon Sep 17 00:00:00 2001 From: jknapp Date: Fri, 26 Jun 2026 20:58:23 -0700 Subject: [PATCH] fix(shared-ols): never cache logged-in pages (disable tier private cache) OLS tier had enablePrivateCache=1 + checkPrivateCache=1 at module scope on the assumption that with no LiteSpeed Cache WP plugin nothing would be cached. In practice OLS privately cached logged-in / cookie-bearing responses regardless of the plugin, serving stale wp-admin pages for the full privateExpireInSeconds TTL (observed: a WordPress 'automated update failed' nag persisting after the cause was cleared). Disable private caching at the tier (enablePrivateCache 0 + checkPrivateCache 0) so logged-in pages are always served fresh. Public/anonymous caching is unchanged (enableCache 1 + checkPublicCache 1), still honored from the plugin's X-LiteSpeed-Cache-Control headers. Co-Authored-By: Claude Opus 4.8 (1M context) --- configs/shared-ols/httpd_config_base.tpl | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/configs/shared-ols/httpd_config_base.tpl b/configs/shared-ols/httpd_config_base.tpl index 0b7e09e..6158943 100644 --- a/configs/shared-ols/httpd_config_base.tpl +++ b/configs/shared-ols/httpd_config_base.tpl @@ -23,13 +23,20 @@ useIpInProxyHeader 1 ## LSCache enabled at MODULE scope for the whole tier (dedicated cache volume, ## ephemeral across rebuilds; OLS auto-keys a per-vhost subdir under storagePath). -## enableCache/enablePrivateCache ON here means the cache module is ACTIVE, but a -## response is only cached if it's marked cacheable — the LiteSpeed Cache WP -## plugin sets X-LiteSpeed-Cache-Control headers, and checkPublic/PrivateCache + -## ignoreRespCacheCtrl=0 make OLS honor them. No plugin → nothing cached (safe). +## PUBLIC (anonymous) caching ONLY: enableCache 1 + checkPublicCache 1 let OLS +## serve cacheable, non-logged-in responses marked by the LiteSpeed Cache WP +## plugin's X-LiteSpeed-Cache-Control headers (ignoreRespCacheCtrl=0 honors them). +## +## PRIVATE caching is intentionally OFF (enablePrivateCache 0 + checkPrivateCache 0). +## Logged-in / cookie-bearing pages must NEVER be cached at the tier. We previously +## left enablePrivateCache=1 assuming "no plugin -> nothing cached," but that was +## WRONG: with private storage + reqCookieCache on, OLS privately cached logged-in +## responses regardless of plugin, serving stale wp-admin (e.g. a "failed update" +## nag that persisted for the full privateExpireInSeconds TTL). Keeping private +## cache off guarantees logged-in pages are always served fresh. module cache { storagePath ${LSCACHE_ROOT} - checkPrivateCache 1 + checkPrivateCache 0 checkPublicCache 1 maxCacheObjSize 10000000 maxStaleAge 200 @@ -39,6 +46,6 @@ module cache { ignoreReqCacheCtrl 0 ignoreRespCacheCtrl 0 enableCache 1 - enablePrivateCache 1 + enablePrivateCache 0 } ## ---- end shared-ols server append ----