[wp-trac] [WordPress Trac] #17728: User loses logged_in cookie but not other auth cookies

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 8 20:20:03 UTC 2011


#17728: User loses logged_in cookie but not other auth cookies
----------------------------+------------------------------
 Reporter:  mintindeed      |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:  3.1.2
 Severity:  normal          |  Resolution:
 Keywords:                  |
----------------------------+------------------------------

Comment (by nacin):

 One cookie -- for wp-content/plugins -- is for compatibility, see [8209].

 Separating the other two are important. The admin cookie would normally
 handle the entire site, but for security purposes this privileged cookie
 is restricted to /wp-admin/. Thus the generic logged-in unprivileged
 cookie handles the frontend. It actually doesn't have to do with SSL,
 which introduces additional complexity all on tis own.

 > we have worked with WP support to resolve it

 Link? Or are you referring to WordPress.com, the separate hosted service?


 With regards to the bug, not a clue what would cause this. We set and
 destruct these cookies all at the same time. That said, we could check for
 the existence of wordpress_logged_in_* on the backend, and set it if for
 some reason it is missing.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17728#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list