# NGINX caching configuration in Trellis

**URL:** https://discourse.roots.io/t/nginx-caching-configuration-in-trellis/7056
**Category:** trellis
**Created:** 2016-06-24T16:26:11Z
**Posts:** 2

## Post 1 by @luqo33 — 2016-06-24T16:26:11Z

Hello,

I’ve found that Trellis sets these configuration values for NGINX when caching in enabled:

> fastcgi\_ignore\_headers Cache-Control Expires Set-Cookie;  
> fastcgi\_pass\_header Set-Cookie;  
> fastcgi\_pass\_header Cookie;

These lines instruct NGINX to cache response even if they include `Set-Cookie` header (such responses would not be cached by default). At the same time `Set-Cookie` and `Cookie` are passed to the client.

I’m wondering if this is safe. E.g. WooCommerce sets `wp_woocommerce_session` cookie. It can also set `woocommerce_recently_viewed` on every product view. Aren’t we then running risk of

> serving all your visitors the cookies that were generated for the first user who requested the resource ?

This issue was mentioned in the discussion at SO ([NGINX caching and cookies](http://stackoverflow.com/a/9232739/3785777)).

---

## Post 2 by @swalkinshaw — 2016-06-25T16:26:15Z

Those 3 settings are set globally regardless if caching is disabled or not.

Trellis includes a setting for skipping certain cookies: [https://github.com/roots/trellis/blob/3f6f4c155c9cc177b746be45cd33a1bf4506033a/roles/wordpress-setup/templates/wordpress-site.conf.j2#L62-L65](https://github.com/roots/trellis/blob/3f6f4c155c9cc177b746be45cd33a1bf4506033a/roles/wordpress-setup/templates/wordpress-site.conf.j2#L62-L65)

On [https://roots.io](https://roots.io) for example, we customize that to add on a cookie name for Easy Digital Downloads:

```
skip_cache_cookie: comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|edd_items_in_cart
```

You may need to do the same for those 2 woocommerce cookies.