[wp-trac] [WordPress Trac] #17728: User loses logged_in cookie but not other auth cookies

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 8 19:38:53 UTC 2011


#17728: User loses logged_in cookie but not other auth cookies
----------------------------+-----------------------------
 Reporter:  mintindeed      |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Administration  |    Version:  3.1.2
 Severity:  normal          |   Keywords:
----------------------------+-----------------------------
 We have a user on Chrome for Mac who lost his wordpress_logged_in_* cookie
 somehow, but kept the wordpress_* cookies set to the /wp-admin and /wp-
 content/plugins paths.  He was able to perform admin actions such as
 editing posts, but was unable to preview posts, and was not seeing content
 that’s available to logged in users.

 We have heard reports from another user using IE8 on Windows 7 that sound
 like this may have happened to her as well.  Two different browsers and
 OSes, so it doesn't seem browser or OS-specific.

 As of yet, we are unable to reproduce this issue on demand.  Because we
 can't reproduce it on demand, we can't determine whether it's WP core, a
 plugin, or some external factor that is causing the problem.  However, we
 have validated that if you lose the wordpress_logged_in_* cookie on a
 stock install of WordPress, this behaviour does exhibit itself -- you stay
 logged in to the admin, but you're not logged in on the frontend.

 This sounds like a support issue, and we have worked with WP support to
 resolve it, but haven't been able to rule out that WP core is the cause.
 We couldn’t find anything in WP core that looked like it could remove the
 logged_in cookie but not the others, but there are people here who are
 more familiar with WP core than us. :)

 Obviously this is an edge case, and it's solvable by logging out and
 logging back in -- but that assumes you know that you're having this
 problem, and that's not obvious to a regular user.

 I am trying to determine if a bug exists and whether it's the cause of
 this and other "clear your cache and cookies and it will work" issues.

 Additionally, it seems like a bit of overkill that WordPress would set 3
 authentication cookies.  Perhaps this is because of SSL logins to the
 admin, but couldn't that be solved by setting a single non-secure cookie
 to /, and then if SSL is enabled setting a second secure cookie?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17728>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list