Contact Us
Home » Insights » Pantheon Cookie Naming Rules: Why Your Custom Cookies Aren’t Working

Pantheon Cookie Naming Rules: Why Your Custom Cookies Aren’t Working

… Last Updated:

Busy making and baking cookies that conform to the edge cache in Pantheon
I made #miniature cookies for today's YouTube video. Party of the bigger order. //I have a great vegan cookie recipe too. But for that I need to make mini peanut butter, raisins and oats soooo… Another time ^^” by PetitPlat – Stephanie Kilgast is licensed under CC BY-NC-ND 2.0 .

The Problem: Custom Cookies Disappearing on Pantheon

You’ve developed a custom WordPress solution that relies on cookies – maybe for user preferences, shopping cart persistence, or personalization features. Everything works perfectly in your local development environment, but once deployed to Pantheon hosting, your cookies mysteriously stop working.

Common developer questions, we’ve felt your pain:

“Why isn’t my custom cookie being saved/retrieved on Pantheon?”

“My WordPress plugin sets cookies locally but they disappear on the live site. What’s happening?”

“I’m trying to set a cookie for user tracking, but it only works sometimes. Is this a Pantheon issue?”

If this sounds familiar, you’re encountering Pantheon’s edge cache cookie handling. This isn’t a bug – it’s Pantheon’s performance optimization system protecting your site’s speed, but it requires following specific naming conventions.

Why Pantheon Strips Most Cookies

Pantheon’s edge cache strips cookies by design for performance reasons:

  • Faster page loads: Fewer cookie variations mean better caching
  • Improved CDN performance: Global CDN can cache responses more efficiently
  • Reduced server load: Less processing of cookie-dependent content
  • Better Core Web Vitals: Streamlined responses improve performance scores

The trade-off: Your custom cookies need to follow Pantheon’s naming rules or they’ll be stripped away.

Pantheon’s Cookie Naming Requirements

The STYXKEY Convention

For cookies to work with Pantheon’s edge cache, they must follow this exact format:

STYXKEY[a-zA-Z0-9_-]+

Breaking this down:

  • Must start with: STYXKEY (exactly 7 capital letters)
  • Followed by: One or more characters from this set:
    • Letters: a-z and A-Z
    • Numbers: 0-9
    • Underscore: _
    • Hyphen: -

Valid Cookie Name Examples

javascript

// ✅ These cookie names will work on Pantheon
STYXKEY_user_preferences
STYXKEY_cart_id
STYXKEY-session-token
STYXKEYabc123
STYXKEY_custom_tracking_id
STYXKEY-mobile-view

Invalid Cookie Name Examples

javascript

// ❌ These will be stripped by Pantheon's edge cache
styxkey_iphone           // Must be uppercase STYXKEY
STYXKEY.iphone          // Dots are not allowed
custom_user_prefs       // Must start with STYXKEY
STYXKEY@special         // Special characters not allowed
mySTYXKEY_cookie        // Must START with STYXKEY

Where Cookies Are Always Stripped

Public Files (WordPress Uploads)

Pantheon strips ALL cookies from requests to:

/wp-content/uploads/*

This means:

  • Image requests won’t receive cookies
  • PDF downloads won’t have cookie access
  • Any file in the uploads directory is cookie-free

Why this matters: Don’t try to use cookies for tracking downloads or image access – they won’t work.

Static File Extensions

Pantheon strips cookies for files ending with these extensions:

png gif jpeg jpg ico bmp tif tiff webp swf css js woff woff2 svg ttf otf eot

Important: This applies even to dynamically generated files with these extensions.

Example:

php

// ❌ This won't receive cookies, even though it's dynamic PHP
https://yoursite.com/dynamic-image.php/image.jpg

// ✅ This will receive cookies (no file extension)
https://yoursite.com/dynamic-image.php?format=jpg

Common Cookie Implementation Mistakes

Mistake 1: Using Descriptive Names

php

// ❌ Wrong - will be stripped
setcookie('user_preferences', $data, time() + 3600);
setcookie('shopping_cart_id', $cart_id, time() + 86400);

// ✅ Correct - follows STYXKEY convention  
setcookie('STYXKEY_user_prefs', $data, time() + 3600);
setcookie('STYXKEY_cart_id', $cart_id, time() + 86400);

Mistake 2: Case Sensitivity Issues

php

// ❌ Wrong - lowercase 'styxkey'
setcookie('styxkey_session', $session_id, time() + 3600);

// ❌ Wrong - mixed case 'StyxKey'  
setcookie('StyxKey_session', $session_id, time() + 3600);

// ✅ Correct - exactly 'STYXKEY'
setcookie('STYXKEY_session', $session_id, time() + 3600);

Mistake 3: Invalid Characters

php

// ❌ Wrong - contains dots
setcookie('STYXKEY.user.id', $user_id, time() + 3600);

// ❌ Wrong - contains spaces
setcookie('STYXKEY user session', $session, time() + 3600);

// ✅ Correct - only allowed characters
setcookie('STYXKEY_user_id', $user_id, time() + 3600);
setcookie('STYXKEY-user-session', $session, time() + 3600);

Testing Your Cookie Implementation

Test 1: Cookie Setting Verification

javascript

// Set a test cookie and verify it's saved
document.cookie = "STYXKEY_test=working; path=/";

// Check if it was saved (run this in browser console)
console.log(document.cookie.includes('STYXKEY_test'));

Test 2: Server-Side Cookie Reading

php

// PHP: Verify cookie is received on server
if (isset($_COOKIE['STYXKEY_test'])) {
    echo "Cookie working: " . $_COOKIE['STYXKEY_test'];
} else {
    echo "Cookie not received";
}

Test 3: Cross-Page Persistence

  1. Set cookie on page A with STYXKEY naming
  2. Navigate to page B
  3. Verify cookie is available on page B
  4. Test both HTTP and HTTPS if applicable

Regex Validation Tool

Use this regex to test your cookie names:

^STYXKEY[a-zA-Z0-9_-]+$

Test your cookie names at: Regex101.com

Example test cases:

  • STYXKEY_user123 ✅ Match
  • STYXKEY-session-abc ✅ Match
  • styxkey_test ❌ No match (lowercase)
  • STYXKEY.user ❌ No match (dot not allowed)

Practical Implementation Examples

User Preference Storage

php

// Store user's theme preference
function save_user_theme($theme) {
    $cookie_name = 'STYXKEY_theme_pref';
    $cookie_value = sanitize_text_field($theme);
    setcookie($cookie_name, $cookie_value, time() + (30 * 24 * 60 * 60), '/');
}

// Retrieve user's theme preference
function get_user_theme() {
    $cookie_name = 'STYXKEY_theme_pref';
    return isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : 'default';
}

Shopping Cart Persistence

php

// Store cart ID for guest users
function save_cart_id($cart_id) {
    $cookie_name = 'STYXKEY_cart_id';
    setcookie($cookie_name, $cart_id, time() + (7 * 24 * 60 * 60), '/');
}

// Retrieve cart ID
function get_cart_id() {
    $cookie_name = 'STYXKEY_cart_id';
    return isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : null;
}

Session Management

javascript

// JavaScript: Set session tracking cookie
function setSessionCookie(sessionId) {
    const cookieName = 'STYXKEY_session_id';
    const expireDate = new Date();
    expireDate.setTime(expireDate.getTime() + (2 * 60 * 60 * 1000)); // 2 hours
    
    document.cookie = `${cookieName}=${sessionId}; expires=${expireDate.toUTCString()}; path=/`;
}

Troubleshooting Cookie Issues

Issue: Cookie Not Persisting

Check list:

  1. Cookie name starts with STYXKEY
  2. Only allowed characters used (a-zA-Z0-9_-)
  3. Not accessing from static file URLs
  4. Proper path and domain settings
  5. Reasonable expiration time

Issue: Cookie Works Locally But Not on Pantheon

Common causes:

  • Cookie name doesn’t follow STYXKEY convention
  • Trying to access cookies on static file requests
  • HTTPS/HTTP protocol mismatch
  • Domain/subdomain configuration issues

Issue: Cookie Intermittently Available

Possible reasons:

  • Edge cache serving different responses
  • Cookie set after initial page load
  • JavaScript timing issues
  • Multiple cookie-setting attempts conflicting

When Pantheon Cookie Rules Don’t Apply

These scenarios bypass Pantheon’s cookie stripping:

  • Cache-busting cookies: Specific cookies that force server processing
  • Administrative requests: WordPress admin area interactions
  • Logged-in users: Some user session cookies are preserved
  • Development environments: Different rules may apply on dev/test instances

Note: Always test cookie behavior on your actual Pantheon environment, as rules can vary between environments.

Professional WordPress Development on Pantheon

While this tutorial covers cookie naming requirements, complex WordPress applications often require additional Pantheon-specific optimizations:

Advanced Pantheon development scenarios:

  • Custom session management for high-traffic applications
  • Integration with external APIs while respecting cache rules
  • Performance optimization balancing functionality and speed
  • Multi-environment deployment strategies (dev/test/live)

When to get professional help:

  • Complex user authentication and session management
  • E-commerce applications with cart persistence requirements
  • High-traffic sites needing performance optimization
  • Custom WordPress development requiring Pantheon-specific optimizations

What’s included in professional Pantheon WordPress development:

  • Complete hosting environment optimization
  • Custom cookie and session strategy implementation
  • Performance testing and cache optimization
  • Multi-environment deployment workflow setup
  • Team training on Pantheon best practices

Building custom WordPress applications on Pantheon hosting?  Contact Knihter for professional WordPress development and Pantheon optimization services. We specialize in high-performance WordPress solutions that work seamlessly with Pantheon’s infrastructure.

Related Posts:

  • Why Google Analytics Shows PANTHEON_STRIPPED in UTM Parameters

Related Services: