Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#25901 closed defect (bug) (invalid)

/wp-admin/customize.php can't be navigated to with wp_redirect()

Reported by: brianfeister Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.6.1
Component: Login and Registration Keywords: reporter-feedback
Focuses: multisite Cc:


With WordPress Multisite, programmatically creating a new user, with $activate_signup(), then logging that user in via wp_signon()works, but when trying to automatically move the user the theme customizer page (the focus of my Multisite network), I get a "Session expired. Please log in again. You will note move away from this page." Clicking "close" on the customizer frame takes the user back to the dashboard without asking for authentication. Is this happening because the Theme Customizer is in some way different than other wp-admin areas and cannot be the "first-navigated" admin page when a user initially authenticates?

This may be a bug or a feature request, I would need some clarification.

activate_signup = wpmu_activate_signup();

$creds = array();
$creds['user_login'] = $passed['username'];
$creds['user_password'] = $activate_signup['password'];
$creds['remember'] = true;
$user = wp_signon( $creds, false );

wp_redirect( 'http://' . $subdomain . '/wp-admin/customize.php' ); // $subdomain is captured via a signup form and is outside this snippet

Change History (3)

#1 @jeremyfelt
7 years ago

  • Keywords reporter-feedback close added

Thanks for the report, @brianfeister. I attempted to reproduce the issue in current trunk with both subdomain and subfolder setups, but am unable to do so.


  1. I setup a standard multisite (subdirectory) and enabled registration for users and sites. I then registered for the user/site test1 at http://src.wordpress-develop.dev/wp-signup.php
  2. Received email with activation key.
  3. Added activation key and login/site to this code block in Twenty Fourteen's header.php:
    if ( isset( $_GET['fake_activate'] ) ) {
    	$activate_signup = wpmu_activate_signup( '634c27dc12ebb4ec' );
    	$creds = array();
    	$creds['user_login'] = 'test1';
    	$creds['user_password'] = $activate_signup['password'];
    	$creds['remember'] = true;
    	$user = wp_signon( $creds, false );
    	wp_redirect( 'http://test1.src.wordpress-develop.dev/wp-admin/customize.php' );
  4. Visit http://test1.src.wordpress-develop.dev/?fake_activate
  5. Browser redirects to http://test1.src.wordpress-develop.dev/wp-admin/customize.php without complaint and logged in as the test1 user.

The only thing that I can think of immediately from your example is that wpmu_activate_signup() does not have an activation key specified. Also, if you are handling the creation of the site through a custom form (resulting in the generation of $subdomain, it is possible that a step is being missed that would normally be handled by core.

#2 @jeremyfelt
7 years ago

  • Component changed from Multisite to Login and Registration
  • Focuses multisite added
  • Keywords close removed
  • Milestone Awaiting Review deleted

Closing this out for now. Please feel free to reopen with feedback.

#3 @TobiasBg
7 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Actually closing this, as jeremyfelt intended to do.

Note: See TracTickets for help on using tickets.