[wp-trac] [WordPress Trac] #63371: nonce issue when using WordPress mobile app in parallel with web
WordPress Trac
noreply at wordpress.org
Wed Apr 30 16:39:54 UTC 2025
#63371: nonce issue when using WordPress mobile app in parallel with web
--------------------------+------------------------------
Reporter: oferlaor | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.8
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses:
--------------------------+------------------------------
Comment (by oferlaor):
A few clarifications:
1. Version 6.7.2 does not have this problem.
2. It seems that the nonce refresh flow, when it's invalid, has some type
of problem - which causes this issue. I think the app is fine, it
basically generates its own nonce and it looks like the original one
expires on the desktop side.
3. Once this happens, the result is pretty catastrophic: the user gets kicked
out of what they are doing (and posts in the middle stop being able to
save), and everything jumps to the user's profile.
At that point, the user is blocked from doing anything as an admin;
nothing works, and only after deleting all cookies and logging back in
does it start to work again.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63371#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform