[wp-trac] [WordPress Trac] #20276: Tie nonces and cookies to expirable sessions
WordPress Trac
noreply at wordpress.org
Fri Jul 18 18:39:29 UTC 2014
#20276: Tie nonces and cookies to expirable sessions
----------------------------+------------------
Reporter: ryan | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------
Comment (by nacin):
Replying to [comment:33 johnbillion]:
> What does the upgrade process from `<4.0` to `4.0` look like if we're
> invalidating the current session during the upgrade?

One of two things will happen:
* For a user not performing an update, they'll get a login screen,
probably as a result of the auth check JS. Easy peasy.
* For a user performing the update, they'll be dumped to wp-login.php on
the way to about.php. There is some code in wp-login.php to detect when
about.php is the redirect_to. It then displays a message: "You have
successfully updated WordPress! Please log back in to experience the
awesomeness." We did this back when we were changing how salts were
auto-generated.
Either way, not a problem.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/20276#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform