Wordpress LScache Plugin: Exclude WooCommerce Cookies? Customers have seen each others data
1. I had the issue that on a WooCommerce Shop + Elementor customers on a were able to see each others adresses, Cart items and orders. As the previous webmaster used some non-standard checkout URLs with an -2, I excluded them: /add-payment-method/ /add-return-shipment/ /cart/ /checkouts/ /delete-payment-method/ /edit-account/ /kasse-2/ /kasse/ /mein-konto-2/ /mein-konto-2/adresse-bearbeiten/ /mein-konto-2/bestellungen/ /mein-konto/ /mein-konto/adresse-bearbeiten/ /mein-konto/bestellungen/ /order-pay/ /order-received/ /orders/ /set-default-payment-method/ /view-order/ /view-shipments/ /warenkorb-2/ /warenkorb/Expand Is it necessary to use the subfolder /mein-konto-2/bestellungen/ or can I just go with /mein-konto-2/ and it excludes every other subfolder automatically? 1. Do I still need to exclude Cookies mentioned in the WooCommerce Docs to prevent a data breach ? https://woocommerce.com/document/woocommerce-cookies/ https://woocommerce.com/document/configuring-caching-plugins/ Ive excluded the following: woocommerce_cart_hash woocommerce_items_in_cart wp_woocommerce_session_ woocommerce_recently_viewed wp-wpml_current_language woolentor_already_views_count_product woolentor_viewed_products_list If I exlude these plugins cache shows me: x-litespeed-cache-control: no-cache What would you recommend? Hi, please provide the report number you can get it in toolbox -> report -> click send to LiteSpeed Best regards, Report Number: SISVLWOU Do you need the DoLogin Security Plugin installed? At least the two cookie excludes wont let the cache hit: woocommerce_cart_hash wp-wpml_current_language Was the report helpful @CacheCrawler ? I wonder how that happens in the first place please try disable object cache, purge all , and see if it still happens 1) you can use partial match that is common or base for all of these URIs 2) excluding cookie would work , but Id suggest to try object cache OFF first Would you like to have a closer look? 1) /mein-konto-2/ would include /mein-konto-2/adresse-bearbeiten/, right? 2) What does the Redis Object cache have to do with this situation? (just out of curiosity) 1)yes 2) depends on plugins how to use it , I have seen cases before where they dont differentiate the data and just store there, and when retrieve it , it gets old or incorrect data , but just to try