Membership site and Cloudflare

Hello All,

We have a website using Concrete5 Version 8.5.4, CloudFlare, and Ezoic. It is working fine and as we are using 2 caching systems CloudFlare and Ezoic, we were not able to edit the website using the main domain and as the solution(a few years back) we created an alias domain and use it to edit the website.

For e.g. is the main domain and is using Cloudflare and Ezoic, so we can create as an alias domain and pointed it to the same root directory as, and by using this method we were able to make the edits to the website so that we can check instant changes in which do not use any caching.

Now we are planning to convert the site to a membership site, where users can get access to premium content after payment. So for that, they must register, subscribe to membership, and log in to access premium content but due to Cloudflare we are facing issues,

*Tried to log in from the front end and it did not work, somehow logged it for 1 time and checked out other pages then it was not working again due to caching.

  • Tried to logout and login again, never got logged out and many more such issues

  • When I try to log in from the admin end, it shows an invalid token error

So can you please help me resolve this issue,

we are already using the Cloudflare IP Proxy addon but it has not helped in any way.

Solution we tried: Tried to bypass caching of front end log in page from Ezoic and Cloudflare Caching but it gives error Your session has expired. Please sign in again. and when I go to login page again I am already logged in but still not able to check the pages which I have permission to view. When I visit the page it redirects me to backend login page.

I’m not familiar with Ezoic, but I’d assume that all caching layers are basically the same. If the caching layer is not aware of cookies (or however you are maintaining state), then you’ll need to configure the caching layer to not cache that content.

I think CloudFlare offers a business plan that lets you Bypass Cache on Cookie

There are also ways. This CloudFlare blog post describes a how a WordPress plug-in works with CloudFlare to avoid this problem:

You could implement something similar. Either way, the concept is the same: for caching to work with dynamic content, the caching layer needs to know who is logged in.


Thanks for the reply, we tried enabling development mode on over the Cloudflare and turned off Ezoic at the time but still, we are facing an issue. The error we are seeing is “Your session has expired. Please sign in again.”

Any help is appreciated

Hello Team,

The error we are facing is Your session has expired. Please sign in again. I tried changing concrete.php file to disable IP checking but still, it does not work

Any help appreciated

Hello Team,

We were facing caching issues with Ezoic and Cloudflare: logging in using our main domain was not working due to IP and User-Agent session validation. The IPs and User-Agents were changing on each request, meaning our sessions were immediately marked as invalid.

We checked the ConcreteCMS forums and found that disabling session validation was likely to solve the issue. Now, it does work, but we have few questions:

  1. Are we foregoing anything by disabling the extended session validation?
  2. Is there anything we need to keep in mind?
  3. Will it affect the site’s operation in any other ways?
  4. We use Mal’s E-commerce to provide our downloadable products and it uses IP addresses to track the downloads. Is it likely to affect that?

Also, if you have any other instructions or solutions for it, we would like to check them out.

Do let us know if you need any other information.

Thank You! :slight_smile:

It depends on your security needs. Invalidating sessions when IP addresses or user-agent strings change can potentially increase security against session hijacking.

I know this is an old thread, but if anyone else is having this issue, I have had some success with this add-on. And, it’s built by the best.

Another solution that has worked is disabling session invalidation if IP address changes. That’s why you are getting booted out. When using CloudFlare the IP address can change. This can be done in the Concrete config. However, it does pose a possible security risk.

1 Like