Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #25767, comment 1


Ignore:
Timestamp:
10/30/2013 08:04:01 AM (11 years ago)
Author:
mark-k
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #25767, comment 1

    initial v1  
    11maybe it is good that this fails as this is a bad idea to have that kind of a configuration. you are sending the cookies encrypted when you are in the admin section but unencrypted when you are on the frontend. If part of the site is SSLed then once a user login all of the site should be SSLed for him.
     2
     3If you send the authentication cookies as secure only cookies then you derive your users from any personalization of the front end (no adminbar for admins for example)
    24
    35Maybe the true bug here is that you can have a protocol mismatch between home and siteurl.