Invalid Secure Route

Hi @leprkhn ,

Glad you reached out! Happy to help.

When we encounter that error, that is usually due to caching on your website. Intermittent issues like the one you described are caused by cache 99% of the time. In order to verify that my hypothesis is right here, we need to exclude any asset loaded by GiveWP from the cache.

The fix is a bit technical, so I’ll include as much detail as possible here, but you may need to reach out to your web developer or web support person to implement the recommendations I’ll be talking about below.

Your issue here is caused by some caching happening somewhere in the process. If you’re not familiar with caching, it’s a method of saving server resources by storing copies of a page or site. This is being done so that the next visitor’s visit doesn’t trigger a call to the server at all, they just get the copy that was saved. Basically, instead of the site needing to recreate the page from scratch, it sends up a copy which allows it to load faster.

Caching works really well for speeding up sites, but when a saved copy of the site has sensitive information in it (like donor info) it’s important that GiveWP not share that with the next visitor. If GiveWP is not convinced that the browser requesting the data is the correct one, it defaults to not showing the data.

Caching is handled differently on various sites and web hosts. This could mean a caching plugin, or caching could be in a security solution. Hosting providers also have settings for caching at the server level, and they can help make adjustments for you there. Most caching solutions have a setting or section for excluding specific URLs or parts of URLs (called “slugs”) from caching.

At the very least, you should exclude the following slugs from caching:
— /donations/
— /donation-confirmation/
— /donor-dashboard/
— any page with a donation form on it

Moreover, the following query strings (if your caching solution has a setting for them):
— give-embed=donor-dashboard
— giveDonationFormInIframe=1
— givewp-route
— give-listener=paypal-commerce
— give-listener=ipn
— give-listener=stripe

We also use two cookies: give_nl and wp-give_session_{random generated hashed code unique for each visitor} that should be excluded.

The give_nl cookie provides email access to donors to view their donation history on your site.
The wp-give_session_* cookie is to maintain the donor session during the donation process.

Your host or the caching plugin/solution you are using can help with that. Some of them may require what’s called a “wildcard” like /donations/* to capture all subdirectories under the /donations/ folder. Some folks prefer to customize the URLs to their site pages, so you may find that your URLs don’t have the slugs mentioned above, even though they contain the same content.

In cases like those, we recommend whitelisting the page, not just the slug, that way the pages with those essential pieces of information are still excluded from caching. This is especially important for URLs of pages with donation forms on them.

One helpful tip: Check in with your hosting provider. Most hosts have caching at the server level, and they will be able to adjust this for you. You can also temporarily disable caching on the site to confirm that the uncached site isn’t showing the problem.

While fine-tuning cache falls outside the scope of the support we’re able to provide, your success with online donations is our number one priority, and we’re happy to provide any tips.

We put together this deep dive into what caching is and how it can cause difficulties: https://givewp.com/documentation/resources/caching/.

Please let me know once you’ve implemented the above, and then try to see if the issue persists.

Meanwhile, I’m here for further questions or other concerns.

I’m always happy to help!