Opened 12 years ago
Closed 12 years ago
#24025 closed defect (bug) (invalid)
Calling is_user_logged_in() causes the "wordpress_logged_in[HASH]" cookie to be set.
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.5.1 |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description
While troubleshooting some malfunctioning plugins, I discovered the "is_user_logged_in()" function causes the "wordpress_logged_in[HASH]" cookie to be set. The "is_user_logged_in()" function calls the "wp_validate_auth_cookie()" function, as part of its processing, and it's "wp_validate_auth_cookie()" which actually sets the logged in cookie. I'm reporting this behavior as a bug in "is_user_logged_in()" because I think "is_user_logged_in()" should simply check to see if the current user is logged in or not and not cause any cookies or status to be set or changed.
This behavior caused the W3 Total Cache and Login Security Solution plugins to not properly function in my Wordpress installation. The site in question has pages only and no blog. The custom theme being used called "is_user_logged_in()" to enable some links in the footer of the page if the current website visitor was logged in. Since my site has no blog, there would never be a case where a visitor would be "logged in" yet the call to "is_user_logged_in()" resulted in the "wordpress_logged_in[HASH]" cookie to be set.
You can see some discussion I had with the author of the "Login Security Solution" plugin here:
http://wordpress.org/support/topic/help-needed-with-login-security-solution-0340-problem
Currently, my custom theme has the call to "is_user_logged_in()" commented out so I'm not experiencing the problem. I can enable this call to gather some debugging information, if necessary.
The way I found the issue was using the "Live HTTP Headers" Firefox plugin to monitor the HTTP traffic between my browser and the server and I would see the "wordpress_logged_in[HASH]" cookie being referenced even though I never logged in to Wordpress, at that point.
Please let me know if there's anything else I can do to gather information regarding this issue.
Change History (3)
#2
@
12 years ago
Thanks for the reply. Using your approach, I tried a different Wordpress installation using the default theme and no plugins installed other than what comes with Wordpress and what's activated by default. I was NOT able to recreate the problem. So, I went back to the site in question and deactivated all plugins and re-enabled the call to "is_user_logged_in()" and encountered the problem. I made sure to clear my browser cache and cookies before conducting all of my tests. I also captured the HTTP headers which show the cookie being set.
http://mysite.com/mysite/ GET /mysite/ HTTP/1.1 Host: mysite.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.mysite.com/ Connection: keep-alive HTTP/1.1 200 OK Date: Wed, 10 Apr 2013 14:38:45 GMT Server: Apache X-Pingback: http://mysite.com/mysite/xmlrpc.php Set-Cookie: wordpress_8d21f(snip); expires=Wed, 24-Apr-2013 14:38:45 GMT; path=/mysite/wp-content/plugins; httponly Set-Cookie: wordpress_8d21f(snip); expires=Wed, 24-Apr-2013 14:38:45 GMT; path=/mysite/wp-admin; httponly Set-Cookie: wordpress_logged_in_8d21f(snip); expires=Wed, 24-Apr-2013 14:38:45 GMT; path=/mysite/; httponly Cache-Control: max-age=1209600 Expires: Wed, 24 Apr 2013 14:38:45 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1890 Keep-Alive: timeout=5, max=75 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
So, it's got to be something local to my theme. This bug report can be closed. Sorry for wasting your time. :)
Thanks!
Could not reproduce on a clean install. My steps:
echo is_user_logged_in();
to theme'sheader.php
.LOGGED_IN_COOKIE
is only set inwp_set_auth_cookie()
:http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/pluggable.php#L640
By default, it's only called in
wp_signon()
andwp_update_user()
:http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L63
http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L1480
Have you tested with all plugins disabled?