Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#29668 closed defect (bug) (invalid)

Runaway sessions

Reported by: johnbillion's profile johnbillion Owned by:
Milestone: Priority: high
Severity: normal Version: 4.0
Component: Security Keywords:
Focuses: Cc:


I'm seeing a new token being added to each user's session array (the session_tokens user meta field) on every single page load (in the admin area and on the front end).

Reproduced on multiple installs. Currently debugging to find the cause.

Change History (4)

#1 @johnbillion
10 years ago

  • Component changed from Users to Security

#2 @nacin
10 years ago

Cannot reproduce. This would happen if someone was calling wp_set_auth_cookie() on every pageload.

#3 @miqrogroove
10 years ago

Tested RC2 and 4.0 using my admin login. worksforme.

#4 @johnbillion
10 years ago

  • Milestone 4.0.1 deleted
  • Resolution set to invalid
  • Status changed from new to closed

I thought there wasn't a common plugin between the sites, but there is. Query Monitor's authentication component is the culprit. Gosh diddly darn it.

Note: See TracTickets for help on using tickets.