WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#29668 closed defect (bug) (invalid)

Runaway sessions

Reported by: johnbillion Owned by:
Milestone: Priority: high
Severity: normal Version: 4.0
Component: Security Keywords:
Focuses: Cc:

Description

I'm seeing a new token being added to each user's session array (the session_tokens user meta field) on every single page load (in the admin area and on the front end).

Reproduced on multiple installs. Currently debugging to find the cause.

Change History (4)

#1 @johnbillion
6 years ago

  • Component changed from Users to Security

#2 @nacin
6 years ago

Cannot reproduce. This would happen if someone was calling wp_set_auth_cookie() on every pageload.

#3 @miqrogroove
6 years ago

Tested RC2 and 4.0 using my admin login. worksforme.

#4 @johnbillion
6 years ago

  • Milestone 4.0.1 deleted
  • Resolution set to invalid
  • Status changed from new to closed

I thought there wasn't a common plugin between the sites, but there is. Query Monitor's authentication component is the culprit. Gosh diddly darn it.

Note: See TracTickets for help on using tickets.