Cloudways Woocommerce, Varnish, PHPSESSID Issues


I’m using the woocommerce super socializer plugin. The FB login did not work when Varnish was enabled giving cross-site session id issue. Cloudways support diagnosed the issue was the PHPSESSID cookie and added it to the exclusion list in Varnish. The FB login started working.

However after excluding PHPSESSID, the Varnish never shows a hit in the X-cache headers. It always returned a miss with age 0. Essentially making the Varnish unusable.

Please suggest me solution to this problem.


I have had the same results using

I was making progress in studying what was going on but had to turn to other things… so currently I have just left Varnish inactive and my site performs pretty well so I’m happy for the time being without it.

Here are a few notes I made to myself about how to study how it works. These are to the best of my understanding but I may still not be 100% accurate.

To understand what Varnish is actually doing you have to look at the rules they have set up. To do this:

  • logon to the server with SSH.
  • Type:
    CD …/…/…/ (to go to the top)
    CD etc
    CD varnish
    the rules are all there in various files. For example, go to
    CD recv
    note how there are rules called wordpress (if you created the server as a wordpress server) or woocommerce (if you creatred the server as a wordpress + woocommerce server). Here is a screenshot of the woocommerce one.

Note: there is already a rule in there for PHPSESSIONID.

More notes to myself

  1. Use Varnish *PLUS the wordpress cache plugin (e.g. Breeze). When varnish doesn’t do it’s thing, then the plugin gets a chance to do it and it’s way better to have that than nothing (i.e. better than uncached wordpress). If you are using Breeze (or W3TC with the debug option) go view source and scroll to bottom to see the comment that it puts there when it serves a cached page. This confirms that you’ve got that working. Another advantage is that the plugin will (if the plugin’s “proxy server” options are enabled in settings) tell varnish to purge every time you edit a page or a post which is great because then varnish will never serve up outdated content.

  2. In your browser, press PF 12 (debugger) and then go to Network. Reload your page. Inspect the topmost entry in the log (i.e.where the actual page gets loaded…not all the other entries that load all the images or css, etc.).

a) Look at “headers”. Look for “X-CACHE”. “HIT” means varnish hit. “MISS” means varnish miss. (I believe you have used this and saw MISS and that is how you came to ask your question).

b) IF it says MISS, then go to Cookies. If Varnish sees cookies then it will automatically MISS (i.e. if it sees cookies that are additional to the ones it has been programmed to either ignore or remove entirely). <---- I BELEIVE THIS IS THE PROBLEM we are experiencing.

I have tried go into the cloudways admin panel and add Varnish rules there to get it working (i.e. not missing so much on other pages… but also not causing the social login to malfunction due to being cached when it shouldn’t be).

I never could get it to work properly. But I may just have needed more time to do tests.

c) Note: Going back to the SSL session you can type in commands like varnishlog and see the actual page requests to the server and how varnish responds. In doing so I noticed there is not just “HIT” or “MISS” but a frustrating thing called “HIT FOR PASS” which seems to mean “you have done everything right and it should get a HIT but varnish has decided to make it a MISS anyway”. That got me discouraged and I turned to other things.

Thanks a lot for detailed sharing of your experience. I’m yet to try out the suggestions you have given. Currently Breeze is giving problem with ‘my account’ feature and yith wishlist which the cloudways team is fixing now.

I’ll try these once the fix the breeze issue.

Thanks again for sharing the locations of the vcl files. So far, the varnish settings have been working like a blackbox. With this able to see inside. Yes it has been very frustrating to get varnish and breeze work fine. I would like to use W3TC to take advantage of the memcached and opcode cache backends that the cloudways offers.

I have also written to the plugin author for any workaround.

There is a similar issue with PHPSESSID preventing varnish from working with another plugin. Looks like the author has fixed it subsequently.

Would share the experience after the current breeze plugin is resolved.


Just an update. The worpdress Super Socializer Plugin vendor has since fixed the above mentioned issue of needing to have PHPSESSID bypassed in Varnish and released an update. Now it’s working fine. Thanks for your detailed info. You may want to try this updated plugin.

1 Like