Caching is a common technique used to speed up website performance. However, it can cause issues when users need to update or submit data on a cached page. In this article, we'll explore how nonces and cache lifespan work with NitroPack.
What are nonces?
A nonce (short for "number used once") is a unique code that can be used to help ensure the security of a particular action or process. Nonces help prevent unauthorized access or misuse of WordPress features, such as forms, URLs, or settings pages.
A WordPress nonce is a one-time-use token generated by WordPress and embedded in a form or URL. When the form is submitted or the URL is accessed, the nonce is checked to verify that the user has the appropriate permissions to perform the requested action.
WordPress provides two types of nonces: action nonces and URL nonces. Action nonces are typically used to help protect form submissions, while URL nonces are used to help protect URLs from unauthorized access.
Do nonces have a lifespan?
Yes, WordPress nonces have a lifespan. By default, a nonce created using WordPress functions has a lifespan of 12 hours, meaning it can only be used for 12 hours after it is generated. After that time period has elapsed, the nonce will expire and become invalid.
It's important to note that the lifespan of a nonce can be customized by developers using WordPress functions. Developers can specify a different lifespan for a nonce when creating it, or they can modify the default lifespan for all nonces in their WordPress site using the nonce_life filter.
Customizing the lifespan of nonces can be useful in some instances, such as when working with long-running processes or when a shorter or longer lifespan is needed for security reasons.
However, it's important to balance the need for security with the usability of your website or application, as shorter nonce lifespans may require more frequent user logins or form submissions.
NitroPack and Nonces
Since nonces are updated on schedule, it does not do them any favor in terms of using them alongside caching services such as NitroPack.
An invalid nonce on your website can affect a wide range of functionalities within your WordPress site. This includes critical features such as form validation and the visual presentation of elements like post grids, among other things. In rare cases, this issue can cause the front end of your site to display a completely blank page.
Can NitroPack work with Nonces?
The short answer to that question is - yes, it can.
By default, the cache expiration time in NitroPack is configured to expire after 2592000 seconds, which translates to 30 days, but with a few modifications, NitroPack can be compatible with nonces.
Our service provides two approaches in terms of automatic cache invalidation.
1. The best approach would be to utilize our WP CLI in combination with Cron Job.
By using this method, you would be able to easily purge the cache of the pages that need to have a shorter cache lifespan.
2. Configure the Cache expiration time. It can be lowered to 43200 seconds, which is 12 hours. This can be further modified per your personal needs and nonce expiration.
By doing so, all of the website’s cache would be invalidated every 12 hours.
This will increase the frequency of cache updates on your website, resulting in more Cache Warmup processes if the feature is activated. If you experience any issues related to high server load, you may contact our support team.