fix(shared-ols): never cache logged-in pages (disable tier private cache) #20

Merged
jknapp merged 1 commits from fix/shared-ols-no-logged-in-cache into trunk 2026-06-27 04:04:49 +00:00
Owner

Problem

The shared-OLS tier set enablePrivateCache 1 + checkPrivateCache 1 at module scope, on the assumption (per the old comment) that "no plugin → nothing cached." That proved false in production: with private storage + reqCookieCache on, OLS privately cached logged-in / cookie-bearing responses regardless of whether the LiteSpeed Cache WP plugin was present.

Observed on a customer site: after a leftover .maintenance flag was removed, WordPress's "An automated WordPress update has failed to complete" admin nag kept showing — OLS was serving the logged-in wp-admin page from private cache for the full privateExpireInSeconds (3600s) TTL. WordPress itself was clean.

Fix

Disable private caching at the tier:

  • enablePrivateCache 1 → 0
  • checkPrivateCache 1 → 0

Logged-in / cookie-bearing pages are now always served fresh. Public/anonymous caching is unchanged (enableCache 1 + checkPublicCache 1), still honored from the plugin's X-LiteSpeed-Cache-Control headers. Comment rewritten to document the corrected behavior and the failure it prevents.

Scope / rollout

  • One file: configs/shared-ols/httpd_config_base.tpl (rendered into each shared-OLS container's httpd_config.conf at startup).
  • Merging to trunk triggers the image build; rolling deploy picks it up. Each shared-ols container applies it on its next render/restart.
  • Immediate customer symptom is already mitigated by installing the LiteSpeed Cache plugin (it does not cache logged-in users by default); this is the durable, plugin-independent guarantee for the whole tier.

Branched off clean trunk — does not touch the in-progress shared-ols/lsphp refactor in the working tree.

## Problem The shared-OLS tier set `enablePrivateCache 1` + `checkPrivateCache 1` at module scope, on the assumption (per the old comment) that "no plugin → nothing cached." That proved **false in production**: with private storage + `reqCookieCache` on, OLS privately cached logged-in / cookie-bearing responses regardless of whether the LiteSpeed Cache WP plugin was present. Observed on a customer site: after a leftover `.maintenance` flag was removed, WordPress's "An automated WordPress update has failed to complete" admin nag kept showing — OLS was serving the logged-in wp-admin page from private cache for the full `privateExpireInSeconds` (3600s) TTL. WordPress itself was clean. ## Fix Disable private caching at the tier: - `enablePrivateCache 1 → 0` - `checkPrivateCache 1 → 0` Logged-in / cookie-bearing pages are now always served fresh. Public/anonymous caching is unchanged (`enableCache 1` + `checkPublicCache 1`), still honored from the plugin's `X-LiteSpeed-Cache-Control` headers. Comment rewritten to document the corrected behavior and the failure it prevents. ## Scope / rollout - One file: `configs/shared-ols/httpd_config_base.tpl` (rendered into each shared-OLS container's `httpd_config.conf` at startup). - Merging to `trunk` triggers the image build; rolling deploy picks it up. Each `shared-ols` container applies it on its next render/restart. - Immediate customer symptom is already mitigated by installing the LiteSpeed Cache plugin (it does not cache logged-in users by default); this is the durable, plugin-independent guarantee for the whole tier. Branched off clean `trunk` — does not touch the in-progress shared-ols/lsphp refactor in the working tree.
jknapp added 1 commit 2026-06-27 04:04:01 +00:00
OLS tier had enablePrivateCache=1 + checkPrivateCache=1 at module scope on the
assumption that with no LiteSpeed Cache WP plugin nothing would be cached. In
practice OLS privately cached logged-in / cookie-bearing responses regardless of
the plugin, serving stale wp-admin pages for the full privateExpireInSeconds TTL
(observed: a WordPress 'automated update failed' nag persisting after the cause
was cleared).

Disable private caching at the tier (enablePrivateCache 0 + checkPrivateCache 0)
so logged-in pages are always served fresh. Public/anonymous caching is unchanged
(enableCache 1 + checkPublicCache 1), still honored from the plugin's
X-LiteSpeed-Cache-Control headers.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
jknapp merged commit cc72fda741 into trunk 2026-06-27 04:04:49 +00:00
jknapp deleted branch fix/shared-ols-no-logged-in-cache 2026-06-27 04:04:49 +00:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cloud-hosting-platform/cloud-apache-container#20