[wp-trac] [WordPress Trac] #63280: wp-settings- and wp-settings-time- cookies set on every admin request if user settings empty
WordPress Trac
noreply at wordpress.org
Tue Apr 15 03:20:17 UTC 2025
#63280: wp-settings- and wp-settings-time- cookies set on every admin request if
user settings empty
--------------------------+-----------------------------
Reporter: kkmuffme | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: trivial | Keywords:
Focuses: |
--------------------------+-----------------------------
if the WP user settings are empty, WordPress will set the wp-settings-
time- on every admin request again and again, and also tries to delete the
wp-settings- cookie, since PHP treats setcookie with empty value as
expired cookie, ignoring the provided expiration.
This behavior was different in PHP<7 and still incorrectly documented
https://github.com/php/doc-en/issues/4614
Other places that use that cookie already have this correctly implemented
though:
https://github.com/WordPress/wordpress-develop/blame/trunk/src/wp-
includes/option.php#L1917
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-
includes/pluggable.php#L1145
Just setting the value to a space, like it's done in the other places,
ensures it will not try to delete/set the cookie(s) on every request, but
validation still works, since spaces are removed before comparison with
option value.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63280>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list