Using HTTP Cache for Logged-In Users

How to Enable HTTP Cache for Logged-in Users

By default, Shopware disables HTTP caching for logged-in users to prevent the accidental caching of personalized content. However, some performance tweaks in the official documentation describe how to enable it manually.

Default Behavior in Shopware

Risk When Enabling HTTP Cache for Logged-in Users

Shopware generates a cache hash based on several parameters:

  • Rule IDs

  • Currency ID

  • Tax State

  • Version ID

However, this cache hash does not include the customer ID. This means:

If two users share the same currency, tax state, and rule set, they may receive the same cache hash and therefore the same cached content.

This can result in a serious data protection issue, where logged-in customers might see personalized data (like headers, prices, etc.) from other customers.

Recommendation

  • Do not enable HTTP caching for logged-in users unless you are absolutely sure your shop does not serve any personalized content.

  • If you do enable it, you must customize the cache hash generation to ensure that each logged-in customer receives a unique cache version.

Our Solution: Per-Customer Cache Hash Plugin

To support scenarios where HTTP caching for logged-in users is required (e.g., for performance reasons), we’ve developed a lightweight, open-source Shopware plugin: B2B Customer Cache Index Plugin

This plugin:

  • Listens to the kernel.response event

  • Extends the HTTP cache hash with the customer ID (only when logged in)

  • Ensures that every customer gets their own cache version

  • Mitigates the risk of leaking personalized data via cache

Installation

You can download and install the plugin manually from the link below.

Last updated

Was this helpful?