User loses logged_in cookie but not other auth cookies
|Reported by:||mintindeed||Owned by:|
We have a user on Chrome for Mac who lost his wordpress_logged_in_* cookie somehow, but kept the wordpress_* cookies set to the /wp-admin and /wp-content/plugins paths. He was able to perform admin actions such as editing posts, but was unable to preview posts, and was not seeing content that’s available to logged in users.
We have heard reports from another user using IE8 on Windows 7 that sound like this may have happened to her as well. Two different browsers and OSes, so it doesn't seem browser or OS-specific.
As of yet, we are unable to reproduce this issue on demand. Because we can't reproduce it on demand, we can't determine whether it's WP core, a plugin, or some external factor that is causing the problem. However, we have validated that if you lose the wordpress_logged_in_* cookie on a stock install of WordPress, this behaviour does exhibit itself -- you stay logged in to the admin, but you're not logged in on the frontend.
This sounds like a support issue, and we have worked with WP support to resolve it, but haven't been able to rule out that WP core is the cause. We couldn’t find anything in WP core that looked like it could remove the logged_in cookie but not the others, but there are people here who are more familiar with WP core than us. :)
Obviously this is an edge case, and it's solvable by logging out and logging back in -- but that assumes you know that you're having this problem, and that's not obvious to a regular user.
I am trying to determine if a bug exists and whether it's the cause of this and other "clear your cache and cookies and it will work" issues.
Additionally, it seems like a bit of overkill that WordPress would set 3 authentication cookies. Perhaps this is because of SSL logins to the admin, but couldn't that be solved by setting a single non-secure cookie to /, and then if SSL is enabled setting a second secure cookie?