WordPress.org

Make WordPress Core

#24961 closed defect (bug) (fixed)

No error message when logging in without cookies enabled

Reported by: agoranet Owned by: azaozz
Milestone: 3.7 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch needs-testing
Focuses: Cc:

Description

Trying to log in with cookies disabled exhibits the following behavior:

  1. Logging in as admin or user using incorrect username and/or password = error message "Cookies are blocked..." displayed along with error message about login information being incorrect
  2. Logging in as admin or user using the correct username and password = no error messages at all

In the second case, we would expect that the error message "Cookies are blocked..." would still be displayed. Instead the page just reloads to the login screen with no indication of what went wrong with the login.

We tried deactivating all plugins and using the default theme, but still saw the issue. We can reproduce the issue as far back as Wordpress 3.2 on various sites.

Attachments (1)

24961.patch (1.6 KB) - added by azaozz 19 months ago.

Download all attachments as: .zip

Change History (7)

comment:1 @azaozz19 months ago

Confirmed. Seems the check for cookies has to be before wp_signon(), no point trying to set more cookies.

@azaozz19 months ago

comment:2 @azaozz19 months ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 3.7

comment:3 @swissspidy19 months ago

  • Keywords has-patch needs-testing added

comment:4 @desrosj19 months ago

Patch solves the issue for me.

Just wanted to make sure it was intended, but if I use an existing username and enter an incorrect password pre-patch, it warns me the password is incorrect/or empty, and that I do not have cookies enabled.

After the patch, there is no warning for incorrect passwords, only that cookies are disabled.

Last edited 19 months ago by desrosj (previous) (diff)

comment:5 @nacin19 months ago

Just wanted to make sure it was intended, but if I use an existing username and enter an incorrect password pre-patch, it warns me the password is incorrect/or empty, and that I do not have cookies enabled.

I think if cookies are disabled, that's probably the only warning they need. They have to attempt the login again anyway after turning on cookies.

comment:6 @azaozz19 months ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 25045:

In wp-login.php check if cookies are enabled before attempting to log the user in with wp_signon(), fixes #24961.

Note: See TracTickets for help on using tickets.