Calling is_user_logged_in() causes the "wordpress_logged_in[HASH]" cookie to be set.
|Reported by:||tomdkat||Owned by:|
While troubleshooting some malfunctioning plugins, I discovered the "is_user_logged_in()" function causes the "wordpress_logged_in[HASH]" cookie to be set. The "is_user_logged_in()" function calls the "wp_validate_auth_cookie()" function, as part of its processing, and it's "wp_validate_auth_cookie()" which actually sets the logged in cookie. I'm reporting this behavior as a bug in "is_user_logged_in()" because I think "is_user_logged_in()" should simply check to see if the current user is logged in or not and not cause any cookies or status to be set or changed.
This behavior caused the W3 Total Cache and Login Security Solution plugins to not properly function in my Wordpress installation. The site in question has pages only and no blog. The custom theme being used called "is_user_logged_in()" to enable some links in the footer of the page if the current website visitor was logged in. Since my site has no blog, there would never be a case where a visitor would be "logged in" yet the call to "is_user_logged_in()" resulted in the "wordpress_logged_in[HASH]" cookie to be set.
You can see some discussion I had with the author of the "Login Security Solution" plugin here:
Currently, my custom theme has the call to "is_user_logged_in()" commented out so I'm not experiencing the problem. I can enable this call to gather some debugging information, if necessary.
The way I found the issue was using the "Live HTTP Headers" Firefox plugin to monitor the HTTP traffic between my browser and the server and I would see the "wordpress_logged_in[HASH]" cookie being referenced even though I never logged in to Wordpress, at that point.
Please let me know if there's anything else I can do to gather information regarding this issue.
Change History (3)
comment:1 SergeyBiryukov — 12 months ago
- Component changed from General to Users
- Keywords reporter-feedback added