WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 3 years ago

#27974 closed defect (bug) (invalid)

Unable to Log In, Cookies Are Blocked Due To Unexpected Output

Reported by: dejong1968 Owned by:
Milestone: Priority: normal
Severity: major Version: 3.9
Component: Login and Registration Keywords: close
Focuses: Cc:

Description

This is a follow-up to #27373.

Last Friday, all of a sudden I couldn't login to WP anymore.
I was working on my site, logged out and within a few minutes
I tried to login again. I got the message:

ERROR: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.

I googled the problem and found that more users are having the same problem:
https://wordpress.org/support/topic/unable-to-log-in-cookies-are-blocked-due-to-unexpected-output?replies=3#post-5476901

It seems to be related to a recent WP update. Up to now, there's no solution available. This seems like a bug to me. I read ticket #27373 where this is discussed, though the information shows no solution.
How can I get rid of this annoying bug so me and others can start editing our WP-sites again? Thanks in advance, greetings form the Netherlands.

Change History (31)

#1 @knutsp
5 years ago

  • Severity changed from normal to major

I just got an email from a desperate guy trying to log in to his freshly installed WordPress site (started over four times, same error with login, and later confirmed by me).

I have no idea what the root cause may be, but I hope it can be seriously investigated to see if there is something WordPress can improve to help here. Something is not right when this happens.

I will report back as soon as I have some more information.

#2 @knutsp
5 years ago

It turned out, in this case at least, that wp-config.php had file encoding UTF-8 BOM instead of the usual UTF-8.

The files was uploaded from a zip download/extract of WordPress 3.9 nb_NO. wp-config.php was generated by the WordPress installer.

Server: Apache/2.2.8 (Ubuntu) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
MYSQL v5.5.28-29.2

#3 follow-up: @SergeyBiryukov
5 years ago

I read ticket #27373 where this is discussed, though the information shows no solution.

I've outlined two possible reasons in that ticket:

  1. One of the active plugins (or the theme's functions.php file) produces unexpected output, causing a "headers already sent" warning and consequently preventing WordPress from setting the test cookie.
  2. UTF-8 byte order mark in wp-config.php (or theme's functions.php file) has the same effect as above.

You should be able to find out the culprit by looking into server error logs.

In case of a plugin issue, the solution would be to rename its folder via FTP. In case of a UTF-8 byte order mark issue, the solution is to re-save the file without it. Notepad++ has an option for that: "Convert to UTF-8 without BOM".

#4 @dejong1968
5 years ago

Thanks for your info. I'm getting closer to the solution. I use a WP-theme from www.themefuse.com I wanted some English text to be replaces by Dutch text, so with instructions of the themefuse-moderators, I modified a certain file. After that, the problem occured.
What I did then was deliberately change the name of the plugins-map to see what the error code would be. When I went back to the login-page, i got this:

+++begin errorcode
Warning: Cannot modify header information - headers already sent by (output started at ../wp/wp-content/themes/medica-child/theme_config/widgets/TF_Widget_Contact.php:1) in ../wp/wp-login.php on line 414

Warning: Cannot modify header information - headers already sent by (output started at ../wp/wp-content/themes/medica-child/theme_config/widgets/TF_Widget_Contact.php:1) in ../wp/wp-login.php on line 426
+++end errorcode

So that gave me the answer: this file is somehow corrupted. I have backups so I can restore this file to see what happens. I'm 99% sure this will solve it. But to make sure everything goes well, I'll do that together with the themefuse-moderators (when they're awake, it's 10.30 in the morning here in Holland).

As soon as I'm any further on this, I'll report here.

Last edited 5 years ago by dejong1968 (previous) (diff)

#5 @SergeyBiryukov
5 years ago

output started at ../wp/wp-content/themes/medica-child/theme_config/widgets/TF_Widget_Contact.php:1

The number after the colon is a line number where the unexpected output occurs. Line number 1 usually means the file is saved with UTF-8 byte order mark, which should be removed.

See How do I solve the Headers already sent warning problem? on Codex.

Aside from blocking cookies, unexpected output also breaks AJAX requests in the admin, making it impossible to view files from Media Library in the "Add Media" modal, etc.

This looks more like a support issue to me, I don't think we can do anything here from the core perspective. Provide better docs maybe?

Related: #15710, #17197.

#6 @dejong1968
5 years ago

Dear Mr. Biryukov,

Thanks for your quick reply. You're right: this has become something between me and themefuse-support. If solved, I still report it here though, because the steps that lead to the solution might be useful for others in the future. Best regards, Richard

#7 follow-up: @knutsp
5 years ago

Any clue to how the Byte Order Mark gets into wp-config.php at installation time?

#8 in reply to: ↑ 7 ; follow-up: @SergeyBiryukov
5 years ago

Replying to knutsp:

Any clue to how the Byte Order Mark gets into wp-config.php at installation time?

It does if you're creating wp-config.php manually by editing wp-config-sample.php in Windows Notepad, and the file contains UTF-8 characters. See comment:5:ticket:23025.

#9 in reply to: ↑ 8 @knutsp
5 years ago

Replying to SergeyBiryukov:

It does if you're creating wp-config.php manually by editing wp-config-sample.php in Windows Notepad, and the file contains UTF-8 characters.

Thank you. I now see that wp-config-sample.php has gone in the case I was referring to. Investigating further.

#10 @knutsp
5 years ago

  • Keywords close added

It turns out that the case I was referring to was such a case of using Windows Notepad to edit wp-config.php, after all.

#11 in reply to: ↑ 3 @stevenduque
5 years ago

Thanks for the advice on renaming the plug-in folders. It helped me isolate what was causing it, and the problem is solved!

Replying to SergeyBiryukov:

I read ticket #27373 where this is discussed, though the information shows no solution.

I've outlined two possible reasons in that ticket:

  1. One of the active plugins (or the theme's functions.php file) produces unexpected output, causing a "headers already sent" warning and consequently preventing WordPress from setting the test cookie.
  2. UTF-8 byte order mark in wp-config.php (or theme's functions.php file) has the same effect as above.

You should be able to find out the culprit by looking into server error logs.

In case of a plugin issue, the solution would be to rename its folder via FTP. In case of a UTF-8 byte order mark issue, the solution is to re-save the file without it. Notepad++ has an option for that: "Convert to UTF-8 without BOM".

#12 @JorgeW
5 years ago

Hi

This is what worked for me:

Problem seemed to arise after using a plugin that was ment for being able to use SVG image files within WP pages.

1.- Via ftp located the plugin in the plugins folder and renamed it.

2.- Reloaded my WP login page. Error message was gone but could not login via my current password.

3.- Followed reset password procedure and.. back to work!!!

#13 follow-up: @michaelconroy
5 years ago

I've got the same issue. I'm locked out of my WP dashboard. Message on login box says "ERROR: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums."

I've followed the recommendations above with no success:-

  1. I've individually renamed all the various plugin folders and reloaded the WP login page
  2. Via ftp I've reinstalled the functions.php file for the active theme
  3. I've opened the wp-config.php file and reloaded it ensuring that it's been saved in UTF-8 format.

I've requested access to the log filed from my hosting provider. I'm hoping this might identify the problem file.

Any other suggestions?

What is my solution if the source of the error remains unfound?

Thanks

Mike

#14 @michaelconroy
5 years ago

Incidentally when I list the contents of /public_html/wp-content/plugins I don't see folders for all the plugins that I'd installed

#15 in reply to: ↑ 13 @JorgeW
5 years ago

Replying to michaelconroy:

Well, in fact I did something previous to that, because I had a complete blank login page prior to the blocked cookies issue.

I had a *clean* downloaded backup copy of my whole WP folder (e.g. WP1) which I uploaded to a new folder I just created for that (e.g. WP2). When I browsed to the backed up login file on this new folder (WP2), the login sent me to the first folder (WP1, as so it is defined in the wp-config.php to look at the -non modified- MySQL data-base ) and the error message was gone, although I had to reset my password, as mentioned in my first post.

So hopefully you have a backup copy to try to play with.

BTW if you look at the wp-login.php file, there it states the following regarding the blocked cookies error message.

	// If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
	// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
	// the admin via http or https.

	$user = wp_signon( '', $secure_cookie );

	if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
		if ( headers_sent() ) {
			$user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
				__( 'http://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) );
		} elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
			// If cookies are disabled we can't log in even with a valid user+pass
			$user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
				__( 'http://codex.wordpress.org/Cookies' ) ) );
		}
	

Does it say something to you?

#16 @michaelconroy
5 years ago

Thank you JorgeW.

Sadly I have no backup - I know, I know! - so your helpful suggestion isn't really a "runner" for me. If I can't fix it soon I think I'll just do a clean re-install of WP etc. The site shouldn't take so long to re-construct this time, now I know, a bit better, what I'm doing.

M

#17 @michaelconroy
5 years ago

Ah so now I've managed to get hold of the log files and opened them in Notepad++.

The offending plugin is Yoast's breadcrumbs.

Can anyone tell me how to fix the problem now please?

These are some sample lines from the log file:-

20:53:05 GET /wp-admin/plugins.php error=true&plugin=breadcrumbs%2Fyoast-breadcrumbs.php&_error_nonce=4585556518 200 15968 http://www.fusionrecruitmentsolutions.com/wp-admin/update.php?action=upload-plugin Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+Touch;+MASMJS;+rv:11.0)+like+Gecko
	Line 8303: www.fusionrecruitmentsolutions.com 46.208.0.21 - 2014-04-30 20:53:08 GET /wp-admin/plugins.php action=error_scrape&plugin=breadcrumbs/yoast-breadcrumbs.php&_wpnonce=4585556518 200 635 http://www.fusionrecruitmentsolutions.com/wp-admin/plugins.php?error=true&plugin=breadcrumbs%2Fyoast-breadcrumbs.php&_error_nonce=4585556518 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+Touch;+MASMJS;+rv:11.0)+like+Gecko
	Line 8303: www.fusionrecruitmentsolutions.com 46.208.0.21 - 2014-04-30 20:53:08 GET /wp-admin/plugins.php action=error_scrape&plugin=breadcrumbs/yoast-breadcrumbs.php&_wpnonce=4585556518 200 635 http://www.fusionrecruitmentsolutions.com/wp-admin/plugins.php?error=true&plugin=breadcrumbs%2Fyoast-breadcrumbs.php&_error_nonce=4585556518 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+Touch;+MASMJS;+rv:11.0)+like+Gecko
Line 8383: www.fusionrecruitmentsolutions.com 46.208.0.21 - 2014-04-30 21:05:20 POST /wp-admin/admin-ajax.php - 200 500 http://www.fusionrecruitmentsolutions.com/wp-admin/plugins.php?error=true&plugin=breadcrumbs%2Fyoast-breadcrumbs.php&_error_nonce=4585556518 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+Touch;+MASMJS;+rv:11.0)+like+Gecko
	Line 8384: www.fusionrecruitmentsolutions.com 46.208.0.21 - 2014-04-30 21:05:23 GET /wp-admin/plugin-editor.php file=breadcrumbs/yoast-breadcrumbs.php 200 14111 http://www.fusionrecruitmentsolutions.com/wp-admin/plugins.php?error=true&plugin=breadcrumbs%2Fyoast-breadcrumbs.php&_error_nonce=4585556518 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+Touch;+MASMJS;+rv:11.0)+like+Gecko

I could upload all the details if it would help?

wop-admin/plugins.php is the named file?

Mike

Last edited 5 years ago by SergeyBiryukov (previous) (diff)

#18 @michaelconroy
5 years ago

I've renamed the braedcrumbs files to no effect

#19 @knutsp
5 years ago

Please use the support forums to resolve your issues looking like this one. It now seems very established that this is not at all a bug in WordPress core. http://wordpress.org/support/

#20 @knutsp
5 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#21 @SergeyBiryukov
5 years ago

  • Milestone Awaiting Review deleted

#22 @haigiang02
4 years ago

How to fix this problem:

  1. Open up wp-config.php
  2. Remove any space or anything before the <?php
  3. Remove anything after the ?>
  4. Make sure the encoding is UTF-8 (Without BOM)

#23 follow-up: @jesserhys
4 years ago

Hi, I have tried all of the above (checked/fixed wp-config.php), however i still cannont log in.

I get
ERROR: Cookies are blocked due to unexpected output.

Warning: Cannot modify header information - headers already sent by (output started at /home/brain281/public_html/wp-content/themes/optimizer/framework/core-pagination.php:13) in /home/brain281/public_html/wp-login.php on line 425

Warning: Cannot modify header information - headers already sent by (output started at /home/brain281/public_html/wp-content/themes/optimizer/framework/core-pagination.php:13) in /home/brain281/public_html/wp-login.php on line 438

Warning: Cannot modify header information - headers already sent by (output started at /home/brain281/public_html/wp-content/themes/optimizer/framework/core-pagination.php:13) in /home/brain281/public_html/wp-includes/pluggable.php on line 925

Warning: Cannot modify header information - headers already sent by (output started at /home/brain281/public_html/wp-content/themes/optimizer/framework/core-pagination.php:13) in /home/brain281/public_html/wp-includes/pluggable.php on line 926

Warning: Cannot modify header information - headers already sent by (output started at /home/brain281/public_html/wp-content/themes/optimizer/framework/core-pagination.php:13) in /home/brain281/public_html/wp-includes/pluggable.php on line 927

So I have opened core-pagination.php, and this is what it says:

09: * @since Optimizer 1.0
10: */
11:global $optimizer;?>
12:
13:<?php function optimizer_pagination($navigation='numbered', $query='') { ?>
14:
15:		<?php if($navigation !== 'no_nav') { ?>
16:        
17:                <?php if($navigation == 'numbered' || $navigation == 'numbered_ajax') { ?>
18:                    <div class="ast_pagenav">

im still not sure what the error is with line 13, any help would be much appreciated!

Last edited 4 years ago by SergeyBiryukov (previous) (diff)

#24 in reply to: ↑ 23 ; follow-ups: @SergeyBiryukov
4 years ago

Replying to jesserhys:

im still not sure what the error is with line 13, any help would be much appreciated!

There should be no ?> <?php sequence in lines 11—13:

global $optimizer;

function optimizer_pagination($navigation='numbered', $query='') { ?>

Looks like the issue is caused by the Optimizer theme and should be reported to the theme author.

Last edited 4 years ago by SergeyBiryukov (previous) (diff)

#25 in reply to: ↑ 24 @jesserhys
4 years ago

Thank you very much,

That's sorted the problem immediately! I have reported the error to the authors.

Again, thank you for sharing your knowledge

Replying to SergeyBiryukov:

Replying to jesserhys:

im still not sure what the error is with line 13, any help would be much appreciated!

There should be no ?> <?php sequence in lines 11—13:

global $optimizer;

function optimizer_pagination($navigation='numbered', $query='') { ?>

Looks like the issue is caused by the Optimizer theme and should be reported to the theme author.

Last edited 4 years ago by SergeyBiryukov (previous) (diff)

#26 in reply to: ↑ 24 ; follow-up: @katromanoff
3 years ago

  • Severity changed from major to critical
Last edited 3 years ago by katromanoff (previous) (diff)

#27 in reply to: ↑ 26 ; follow-up: @SergeyBiryukov
3 years ago

  • Severity changed from critical to major

Replying to katromanoff:

So I opened the installer.php:1951 and this is what I see

I haven't used the Duplicator plugin, but the installer.php file is not a part of WordPress core. I'd suggest making a backup of the file and removing it. If that doesn't help, try contacting the Duplicator plugin authors.

#28 @wjmverheijen
3 years ago

Hallo dejong1968,

heb je het probleem al opgelost ?

Ik heb namelijk het zelfde probleem

Groet Wiel

#29 in reply to: ↑ 27 ; follow-up: @wjmverheijen
3 years ago

Replying to SergeyBiryukov:

Replying to katromanoff:

So I opened the installer.php:1951 and this is what I see

I haven't used the Duplicator plugin, but the installer.php file is not a part of WordPress core. I'd suggest making a backup of the file and removing it. If that doesn't help, try contacting the Duplicator plugin authors.

Hello Sergey Biryukov, can you help me, I have the same problem, i can not log in

Last edited 3 years ago by SergeyBiryukov (previous) (diff)

#30 in reply to: ↑ 29 ; follow-up: @SergeyBiryukov
3 years ago

Hi @wjmverheijen,

  1. This Trac is for reporting bugs in WordPress, not for support. Please try the support forums.
  2. Don't ever post your wp-config.php credentials online.

#31 in reply to: ↑ 30 @wjmverheijen
3 years ago

Replying to SergeyBiryukov:

Hi @wjmverheijen,

  1. This Trac is for reporting bugs in WordPress, not for support. Please try the support forums.
  2. Don't ever post your wp-config.php credentials online.

Could you help me?
I've been on five forums, but nobody has a solution

Last edited 3 years ago by wjmverheijen (previous) (diff)
Note: See TracTickets for help on using tickets.