[wp-trac] [WordPress Trac] #20276: Tie nonces and cookies to expirable sessions

WordPress Trac noreply at wordpress.org
Thu May 29 20:35:51 UTC 2014


#20276: Tie nonces and cookies to expirable sessions
-------------------------------------------+------------------
 Reporter:  ryan                           |       Owner:
     Type:  task (blessed)                 |      Status:  new
 Priority:  normal                         |   Milestone:  4.0
Component:  Security                       |     Version:
 Severity:  normal                         |  Resolution:
 Keywords:  has-patch commit dev-feedback  |     Focuses:
-------------------------------------------+------------------

Comment (by jeremyfelt):

 [https://core.trac.wordpress.org/attachment/ticket/20276/20276.5.diff
 20276.5.diff] is pretty wonderful.

 I'm still testing it locally, but I dig the extendability. I like the idea
 of having a Gmail-style "your other sessions" area. Sessions were created
 for additional browsers as expected. When I invalidated the session in
 Chrome, the session in Firefox remained valid.

 One note so far—if the salt keys in wp-config.php are changed, the session
 is invalidated as expected. However, the original session is not removed
 from the DB and the new session piles on. This *could* cause clutter over
 time.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/20276#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

