Using HTTP Cache for Logged-In Users
By default, Shopware disables HTTP caching for logged-in users to prevent the accidental caching of personalized content. However, some performance tweaks in the official documentation describe how to enable it manually.
Before applying this change, it is critical to understand the implications for data security and personalization in B2B environments.
Logged-in users do not use the HTTP cache by default.
You can enable the cache manually via configuration as described in the Shopware documentation:
Shopware generates a cache hash based on several parameters:
Rule IDs
Currency ID
Tax State
Version ID
However, this cache hash does not include the customer ID. This means:
If two users share the same currency, tax state, and rule set, they may receive the same cache hash and therefore the same cached content.
This can result in a serious data protection issue, where logged-in customers might see personalized data (like headers, prices, etc.) from other customers.
Do not enable HTTP caching for logged-in users unless you are absolutely sure your shop does not serve any personalized content.
If you do enable it, you must customize the cache hash generation to ensure that each logged-in customer receives a unique cache version.
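The collision described above, and the effect of adding the customer ID to the hash, as an added example that is not Shopware's or the plugin's own code. It is a simplified Python model; `cache_hash`, `PageCache`, `render_account_header` and all sample IDs are assumptions constructed for illustration.

```python
import hashlib
import json

# Simplified model, not Shopware's hashing code. All names and values are constructed.

def cache_hash(ctx, include_customer=False):
    """Hash the context parameters listed on this page; optionally add the customer ID."""
    parts = {
        "rule_ids": sorted(ctx["rule_ids"]),
        "currency_id": ctx["currency_id"],
        "tax_state": ctx["tax_state"],
        "version_id": ctx["version_id"],
    }
    if include_customer and ctx.get("customer_id"):
        parts["customer_id"] = ctx["customer_id"]  # only added when logged in
    return hashlib.sha256(json.dumps(parts, sort_keys=True).encode()).hexdigest()


class PageCache:
    """Minimal HTTP-cache stand-in keyed by (URL, cache hash)."""

    def __init__(self, include_customer):
        self.include_customer = include_customer
        self.store = {}

    def fetch(self, url, ctx, render):
        key = (url, cache_hash(ctx, self.include_customer))
        if key not in self.store:
            self.store[key] = render(ctx)  # cache miss: render and store
        return self.store[key]


def render_account_header(ctx):
    # Personalized content: the response body depends on the customer.
    return f"Welcome back, {ctx['customer_name']}"


def demo(include_customer):
    """Two logged-in customers with identical rules, currency, tax state and version."""
    shared = {"rule_ids": ["rule-b2b", "rule-de"], "currency_id": "EUR",
              "tax_state": "net", "version_id": "live"}
    alice = {**shared, "customer_id": "cust-001", "customer_name": "Alice"}
    bob = {**shared, "customer_id": "cust-002", "customer_name": "Bob"}
    cache = PageCache(include_customer)
    return (cache.fetch("/account", alice, render_account_header),
            cache.fetch("/account", bob, render_account_header))


if __name__ == "__main__":
    print("hash without customer ID:", demo(False))
    print("hash with customer ID:   ", demo(True))
```

With the default parameter set, the second customer is served the first customer's cached page; with the customer ID in the hash, each gets their own entry, while guest requests keep the shared hash.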
To support scenarios where HTTP caching for logged-in users is required (e.g., for performance reasons), we’ve developed a lightweight, open-source Shopware plugin: B2B Customer Cache Index Plugin
This plugin:
Listens to the kernel.response event
Extends the HTTP cache hash with the customer ID (only when logged in)
Ensures that every customer gets their own cache version
Mitigates the risk of leaking personalized data via cache
You can download and install the plugin manually from the link below.