Customer data not invalidated private content after logged in

[nntoan]

Magento Commerce 2.2.1 & 2.2.2
FPC: Varnish

The current sections.xml does not invalidate customer section after the redirect. (Welcome message..etc is blank)

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Customer:etc/sections.xsd">
    <action name="loginascustomer/login/post" />
</config>

But if we add the specified section into sections.xml, then it will invalidate private content properly. For e.g:

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Customer:etc/sections.xsd">
    <action name="loginascustomer/login/post">
        <section name="checkout-data"/>
        <section name="wishlist"/>
        <section name="multiplewishlist"/>
        <section name="customer"/>
        <section name="cart"/>
    </action>
</config>

[erfanimani]

+1

[Amadeco]

+1

Thank you

[erfanimani]

So I did some investigating (due to an issue where it didn't seem to log you in properly).

Basically — after logging in — it takes you to loginascustomer_login_proceed, which submits a form (POST) to loginascustomer/login/post after 5 seconds (an inline JS script submits a form after a 5000ms setTimeout).

Now, section.xml contains the following:

<?xml version="1.0"?>
<!--
/**
 * Copyright © 2016 Ihor Vansach (ihor@magefan.com). All rights reserved.
 * See LICENSE.txt for license details (http://opensource.org/licenses/osl-3.0.php).
 *
 * Glory to Ukraine! Glory to the heroes!
 */
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Customer:etc/sections.xsd">
    <action name="loginascustomer/login/post"/>
</config>

Interesting to note is (apart from the Ukrainian heroes bit), the <action> tag doesn't contain any children in the form of <section>. I assume if there's no children, it invalidates all customer data sections. Is that correct?

Anyhow, if I navigate away before the 5 second form post, it looks like I'm still logged in, but when I add anything to my cart, I appear to be logged out.

Initially I thought I had to hit any non-Varnish page to log me out, but it only seems to happen if I add something to my cart. I can only assume that by adding something to the cart, before your previous customer local storage is cleared, something breaks and you are logged out.

This begs the question, why the 5 second wait?

[magefan]

@erfanimani , thank you for your info.

1. Yes, if the action tag does not contain any childer magento should clean all sections.
2. 5 second is enough time for magento to load all js files and start listening to the form submission.

[erfanimani]

Ah I see — thanks @magefan

I will experiment with improving that functionality, to prevent the need for the 5 second wait, and prevent things from breaking when you navigate away before the 5 second load - my website loads very fast ;) / sarcasm

Something along the lines of require('Magento_Customer/js/customer-data').reload('customer');

CC @nntoan

[nntoan]

@magefan I believe there is something we don't know yet about the cache-hole punching of Magento 2. I have a same situation in the past and there is no way to invalidate the private content through sections.xml without set all the sections.

Yes, in theoretically if we don't set any section, then it MUST invalidate everything but in fact... And if you noticed, Magento 2 themselves don't use something like <action name=xxx /> to invalidate all sections much in their own code.

[magefan]

@nntoan we will add your fix to our code in a few days and will release a new version.

[erfanimani]

Please check my PR here as well: #16

Should also fix #13, plus make log-in faster.

[magefan]

@erfanimani , thank you, we will review your changes. I think the new version will be available on Monday.