#20256 closed defect (bug) (invalid)
PHP SESSION issues with Chrome
Reported by: | aternus | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0 |
Component: | Rewrite Rules | Keywords: | |
Focuses: | Cc: |
Description
Hey everybody,
After a long time of breaking my head on why SESSIONs were broken with Chrome, I've found a solution.
The ISSUE:
Wordpress rewrite doesn't report 404 properly for a missing favicon (more elements might be involved).
SCENARIO:
Plugin generates CAPTCHA and stores the value inside the $_SESSION array.
Because of the missing 404 header/wrong rewrite rules, Chrome makes several requests resulting in CAPTCHA being refreshed without user input submit.
FIX:
Send 404 header for missing files.
Change History (4)
#1
@
13 years ago
- Keywords close added; has-patch needs-testing removed
- Severity changed from critical to normal
- Version changed from 3.3.1 to 3.0
#2
@
13 years ago
In this case, I'd suggest the plugin should only be generating a new captcha on pages which it's needed on, for example, when is_singular() is true. and prefixing the session variable with the post ID that it's generated for.
404's hitting WordPress are common, It's not uncommon for theme CSS files to refer to non-existent items, or even post content referring to non-existent images, plugins need to work around the environment they're given unfortunately.
Take a look at the function
wp_favicon_request
and #3426 for the history. There are also some reasons against a 404 header.