[wp-testers] Question about SECRET_KEY et al.

Otto otto at ottodestruct.com
Tue Nov 25 17:17:33 GMT 2008


On Tue, Nov 25, 2008 at 8:04 AM, Xavier Borderie <xavier at borderie.net> wrote:
> Let's say a user has been using SECRET_KEY since v2.5, and has not
> changed that when 2.6 came. So, he doesn't have AUTH_KEY,
> SECURE_AUTH_KEY nor LOGGED_IN_KEY in his wp-config.php, but he does
> have SECRET_KEY. Does WP fallback to SECRET_KEY when he can't find the
> three other ones ?

Yes.


> If the user replaces SECRET_KEY with the three new keys, can he expect
> some login failures?

The existing cookies will become invalid, so the user will have to re-login.


> If so, how can they be best avoided (apart from
> log-off/delete-cookies/log-back-in)?

What do you mean "apart from" that? There really is no other way to
fix broken cookies, if they happen to break.


More information about the wp-testers mailing list