Password protected pages don't work if site address is different from wordpress address
|Reported by:||3singes||Owned by:|
On a 3.2.1 wordpress site, we notices that password protected pages didn't work.
Site address is in another domain (x.com) than wordpress address (y.com).
If we set the same domain for both of them, protected pages work again.
I think I understood what was going on:
- the browser gets the form for the password via siteurl.
- however the forms posts data to wordpress address (wp-pass.php), and the browser gets the cookie within this domain (and not siteurl domain)
- the browser is redirected to siteurl, but the cookie doesn't work (domain mismatch).
I corrected wp-pass.php, by replacing get_option('siteurl') by get_option('home'), and it worked.