In this article we’ll talk about what HTTP cookies are and what they can be used for. We’ll also look into how different cookies can break cache.
So, what are cookies?
Chances are that when you have been browsing the internet, you’ve seen these cookie notification pop-ups.
These cookies are small unique pieces of data that are stored locally on your computer (in your browser) when you load a web page. Your browser can also send these cookies back to the server using a HTTP Cookie header request. Due to a cookie having its own unique ID, cookies can have many different functionalities, such as:
- Keeping track of a users IP and browsing activity
- Remembering login details for websites
- Tracking visitor count to a website
- Storing a shopping-session – keeping shopping related information stored such as cart/checkout/wishlist
- Serve specific targeted ads
- And more
Cookies can with these functions benefit the user/visitor’s experience to a website by providing a more targeted result based on what the user/visitors click on or search for. Although cookies can be beneficial for your website, they can also become a security/GDPR issue if they aren’t handled properly.
This leads us to the next topic on why cookies can break cache.
Why cookies can break cache
Due to each cookie having its own ID, they shouldn’t normally be Full page cached (HTML cached). Imagine if you login to your account on a website and the cookie storing that login-session is cached for others to use, then that can quickly become a security issue for both you and others.
Luckily it’s normal these days to invalidate cache for specific user-actions with cookies to prevent this issue from happening, such as:
- Adding items to your shopping cart
- Adding items to your wishlist
- Finalising a purchase through the checkout process
- Logging into your user-account
- Changing dynamic content on a website
- And more
This is done typically by setting session cookies, or set-cookies on specific actions done on a website. Even though this may be intended behaviour, for keeping track of a cart or wishlist for example, it can break the cache of your website. Setting a cookie while it is not yet needed will cause your site to be less performant and scalable than it can be.
So, how do we fix this?
First, make sure you’re only setting a cookie when it’s needed for your website. This way visitors browsing the site and not really interacting yet can get served their pages straight from the cache. The performance boost they get just might help them to add your products to their cart, and that’s when cookies should be set.
If you’re unaware of setting any cookies, your site might still deliver them. Most likely a plugin or theme is causing this behaviour, even if you’re unaware. How do we find which one? Look through your files and search for the PHP functions session_start()
and setcookie()
. These functions are used to start a session using cookies.
Cookies in use by your site can also be seen in the response headers of your site while interacting with it. Alternatively cookies in use can also be seen using Google Chrome Devtools.
Search for PHP functions setting cookies using grep
Grep is a command line utility that can be used to search for all sorts of stuff, including PHP functions setting cookies.
grep -r "session_start()"
grep -r "setcookie()"
Examples of code setting cookies can be:
if (!session_id()) {
session_start();
}
Or
add_action('init', 'setMyCookie', 0);
function 'myCookie'(): void
{
setcookie('myCookie', '1', [
'expires' => time() + 3600,
'path' => '/'
]);
}
Some WordPress plugins have options to disable cookie-options – we have an article on that here: WordPress Plugins that Break Caching.
And as always, should you have any additional questions please don’t hesitate to contact our support chat at servebolt.com!