Turpentine for Magento
Varnish and Magento overall work great together when using the Turpentine extension by Nexcess.
If you don't know about this excellent extension, check it out here.
Magento 1.8 and 1.9 empty cart issue
There is one issue though when using Turpentine with Magento 1.8+. Adding products to the cart won't work due to a form key issue. Form keys on the front-end have been added since Magento 1.8 to prevent XSS attacks.
The newest version of Turpentine mostly addresses this issue, but the issue still persists in the following scenario:
- 1. Open incognito tab (or visit website for the first time)
- 2. Add product to cart
- 3. The cart is empty
You can see that the form key in the form action and the form key hidden input don't have the same key on the first visit.
However, if you come from another page on the website, or refresh the page one time, the form key will be correct in both the URL and hidden input. It means that this issue only happens with new customers, clicking the add to cart button on the first page they land on.
The fix
EvrijnSD created a little module to fix the issue. Until the issue is completely fixed, you can use this workaround:
Fix:
Github issue thread
This work around disables CSFR protection.
Thanks for this fix. It saved my whole day of digging into the code