# Using HTTP Cache for Logged-In Users ## How to Enable HTTP Cache for Logged-in Users By default, Shopware disables HTTP caching for logged-in users to prevent the accidental caching of personalized content. However, some performance tweaks in the official documentation describe how to enable it manually. {% hint style="danger" %} Before applying this change, it is critical to understand the implications for data security and personalization in B2B environments. {% endhint %} ## Default Behavior in Shopware * **Logged-in users do not use the HTTP cache** by default. * You can **enable the cache manually** via configuration as described in the Shopware documentation: * [Shopware HTTP Cache Guide](https://developer.shopware.com/docs/concepts/framework/http_cache.html#sw-states) * [Performance Tweaks](https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks.html#logged-in-cart-filled) ## Risk When Enabling HTTP Cache for Logged-in Users Shopware generates a cache hash based on several parameters: * Rule IDs * Currency ID * Tax State * Version ID However, **this cache hash does not include the customer ID**. This means: > If two users share the same currency, tax state, and rule set, they may receive the same cache hash and therefore the same cached content. This can result in a **serious data protection issue,** where logged-in customers might see personalized data (like headers, prices, etc.) from other customers. ## Recommendation * **Do not enable HTTP caching for logged-in users unless you are absolutely sure** your shop does not serve any personalized content. * If you do enable it, you must customize the cache hash generation to ensure that each logged-in customer receives a unique cache version. ## Our Solution: Per-Customer Cache Hash Plugin To support scenarios where HTTP caching for logged-in users is required (e.g., for performance reasons), we’ve developed a lightweight, open-source Shopware plugin: **B2B Customer Cache Index** Plugin This plugin: * Listens to the `kernel.response` event * Extends the HTTP cache hash with the customer ID (only when logged in) * Ensures that every customer gets their own cache version * Mitigates the risk of leaking personalized data via cache ### Installation You can download and install the plugin manually from the link below. {% file src="/files/BxGZHgiQeL9bBPi7PaXU" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.b2b-sellers.com/b2b-platform/3/using-http-cache-for-logged-in-users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.