WordPress.org

Make WordPress Core

Changes between Initial Version and Version 2 of Ticket #27373


Ignore:
Timestamp:
03/26/2014 01:33:04 PM (7 years ago)
Author:
SergeyBiryukov
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #27373

    • Property Keywords has-patch added
  • Ticket #27373 – Description

    initial v2  
    33Before 3.7, the presence of the test cookie was only checked in case of an invalid username or password.
    44
    5 Since [25045], we always check the test cookie before calling `wp_signon()`. This made the issue much more prominent. Here are some scenarios to reproduce it:
     5Since [25045], we always check the test cookie before calling `wp_signon()`. This made the issue much more prominent. Some articles even suggest hacking core as a workaround, which induced me to investigate it.
     6
     7Here are some scenarios to reproduce it:
    68
    791. [http://wordpress.org/support/topic/cookies-are-blocked-or-not-supported-since-update-to-371/page/4?replies=105#post-4907345 "Some proxy/caching servers"] (e.g. Varnish) are configured to not allow setting cookies on GET requests. On a second attempt (after a POST request has been made), user is able to log in.