[wp-trac] [WordPress Trac] #25287: 3.6 introduced a cookie with a non-"wordpress_" prefix. Some reverse proxy setups affected.

WordPress Trac noreply at wordpress.org
Wed Sep 11 22:55:42 UTC 2013


#25287: 3.6 introduced a cookie with a non-"wordpress_" prefix. Some reverse proxy
setups affected.
--------------------------+-------------------
 Reporter:  markjaquith   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  3.6.2
Component:  General       |    Version:  3.6
 Severity:  normal        |   Keywords:
--------------------------+-------------------
 A common thing to do in Varnish caching/LB layers is to drop cookies that
 don't match a whitelist when forwarding requests on to application
 servers. We should avoid new cookies that aren't prefixed with
 "wordpress_" so that those rules don't have to be updated as WordPress
 adds new cookies. Instead, a generic rule that looks for "wordpress_" can
 stay in place (in addition to ones related to comments and other long-
 established WordPress cookies).

 WordPress 3.6 introduced wp-saving-post-{$post->ID}. We should change that
 to wordpress_saving_post_{$post->ID} (at the very least).

 This issue was reported to me by Joshua Strebel at Page.ly.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25287>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list