WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#20256 closed defect (bug) (invalid)

PHP SESSION issues with Chrome

Reported by: aternus Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: Rewrite Rules Keywords:
Focuses: Cc:

Description

Hey everybody,

After a long time of breaking my head on why SESSIONs were broken with Chrome, I've found a solution.

The ISSUE:
Wordpress rewrite doesn't report 404 properly for a missing favicon (more elements might be involved).

SCENARIO:
Plugin generates CAPTCHA and stores the value inside the $_SESSION array.
Because of the missing 404 header/wrong rewrite rules, Chrome makes several requests resulting in CAPTCHA being refreshed without user input submit.

FIX:
Send 404 header for missing files.

http://stackoverflow.com/questions/2953536/randomly-losing-session-variables-only-in-google-chrome-url-rewriting

Change History (4)

#1 @ocean90
9 years ago

  • Keywords close added; has-patch needs-testing removed
  • Severity changed from critical to normal
  • Version changed from 3.3.1 to 3.0

Take a look at the function wp_favicon_request and #3426 for the history. There are also some reasons against a 404 header.

#2 @dd32
9 years ago

In this case, I'd suggest the plugin should only be generating a new captcha on pages which it's needed on, for example, when is_singular() is true. and prefixing the session variable with the post ID that it's generated for.

404's hitting WordPress are common, It's not uncommon for theme CSS files to refer to non-existent items, or even post content referring to non-existent images, plugins need to work around the environment they're given unfortunately.

#3 @wonderboymusic
9 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#4 @wonderboymusic
9 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.