Reset password loop in Woocommerce (Varnish?)


#1

Dear all,
I am running several woocommerce setup and we discovered that there is a password reset loop blocking users to change their password.

I found several posts pointing varnish, but none giving exactly wich URLs should be changed to fix it.

Any help or suggestions?

H


#2

Hi there,

Thanks for writing to us. Let me explain, here at Cloudways, we have defined Varnish rules by following Wordpress and Woocommerce standards. We have excluded the non-cacheable URLs and Cookies already. If you are using any sort of plugin or theme which is rewriting non-cacheable pages and/or generating some extra cookies which should be excluded from caching. To eliminate these sort of issues, we have introduced the feature to exclude/include your desired cookies and URLs from Varnish cache server. For your better assistance, we have created the following docs:

For URLs: https://support.cloudways.com/how-to-exclude-url-from-varnish/
For cookies: https://support.cloudways.com/how-to-include-or-exclude-cookies-from-varnish/

Thanks


#3

We experienced this ourselves after moving a WooComm site to CW, and I think it has to do with a cookie issue on the pwd reset page. The reset page is, if I’m not remembering wrong, on the /wp-login.php page with some added query string. Excluding that URL from varnish might help you out with this. Not entirely sure, but something along those lines (excluding the page you end up on after following a pwd reset link) might resolve this.


#4

@daniel Thank you much more appreciated.


#6

I got the same problem after enabling Varnish (had similar problem with WooCommerce Cart widget).

The password reset cookie is in form “wp-resetpass-80ae903e49571ef4dd7a8aaeXXXXXXXX” and it’s not getting received via password reset email link when Varnish is first enabled. Found out this with Chrome Edit This Cookie while the Varnish was off.

This was fixed by adding regex cookie exclude rule “wp-resetpass-.?”.


#7

Thanks @jarkko.saltiola
This solved my issue! I couldn’t figure out what the issue was until I saw your comment.

Have a great week!

@Cloudways, when activating varnish on any woocommerce site this cookie should automatically be excluded so that this kind of issue doesn’t appear in the first place.

regex cookie exclude rule “wp-resetpass-.?”


#8

Just nothing that the .? at the end of the regex is useless. Here is the way cookies are matched:

if (req.http.cookie ~ "wp-resetpass-") { return (pass); } #CloudwaysVCL

It’s a PCRE match (perl compatible regular expression). Therefore the above is the same as writing:

if (req.http.cookie ~ "^.*wp-resetpass-.*$") { return (pass); } #CloudwaysVCL

Adding ‘.?’ to match zero or one character does not change anything, as ‘.?.’ is the same as '.’.


#9

Thanks for the tip! I disabled all my plugins and was about to go into javascript and theme functions before i saw this. Varnish is the problem =)