Make WordPress Core

Opened 11 years ago

Closed 10 years ago

#25901 closed defect (bug) (invalid)

/wp-admin/customize.php can't be navigated to with wp_redirect()

Reported by: brianfeister's profile brianfeister Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.6.1
Component: Login and Registration Keywords: reporter-feedback
Focuses: multisite Cc:


With WordPress Multisite, programmatically creating a new user, with $activate_signup(), then logging that user in via wp_signon()works, but when trying to automatically move the user the theme customizer page (the focus of my Multisite network), I get a "Session expired. Please log in again. You will note move away from this page." Clicking "close" on the customizer frame takes the user back to the dashboard without asking for authentication. Is this happening because the Theme Customizer is in some way different than other wp-admin areas and cannot be the "first-navigated" admin page when a user initially authenticates?

This may be a bug or a feature request, I would need some clarification.

activate_signup = wpmu_activate_signup();

$creds = array();
$creds['user_login'] = $passed['username'];
$creds['user_password'] = $activate_signup['password'];
$creds['remember'] = true;
$user = wp_signon( $creds, false );

wp_redirect( 'http://' . $subdomain . '/wp-admin/customize.php' ); // $subdomain is captured via a signup form and is outside this snippet

Change History (3)

#1 @jeremyfelt
10 years ago

  • Keywords reporter-feedback close added

Thanks for the report, @brianfeister. I attempted to reproduce the issue in current trunk with both subdomain and subfolder setups, but am unable to do so.


  1. I setup a standard multisite (subdirectory) and enabled registration for users and sites. I then registered for the user/site test1 at
  2. Received email with activation key.
  3. Added activation key and login/site to this code block in Twenty Fourteen's header.php:
    if ( isset( $_GET['fake_activate'] ) ) {
    	$activate_signup = wpmu_activate_signup( '634c27dc12ebb4ec' );
    	$creds = array();
    	$creds['user_login'] = 'test1';
    	$creds['user_password'] = $activate_signup['password'];
    	$creds['remember'] = true;
    	$user = wp_signon( $creds, false );
    	wp_redirect( '' );
  4. Visit
  5. Browser redirects to without complaint and logged in as the test1 user.

The only thing that I can think of immediately from your example is that wpmu_activate_signup() does not have an activation key specified. Also, if you are handling the creation of the site through a custom form (resulting in the generation of $subdomain, it is possible that a step is being missed that would normally be handled by core.

#2 @jeremyfelt
10 years ago

  • Component changed from Multisite to Login and Registration
  • Focuses multisite added
  • Keywords close removed
  • Milestone Awaiting Review deleted

Closing this out for now. Please feel free to reopen with feedback.

#3 @TobiasBg
10 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Actually closing this, as jeremyfelt intended to do.

Note: See TracTickets for help on using tickets.