Make WordPress Core

Opened 9 years ago

Last modified 6 years ago

#36317 new enhancement

Introduce a cookie prefix default constant

Reported by: johnjamesjacoby
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Login and Registration
Keywords: 2nd-opinion
Focuses:
Cc:

Description (last modified by johnjamesjacoby)

Right now, all of WordPress's cookies are prefixed with the same wordpress namespace. A problem arises with advanced-cache.php caching solutions that load before wp_cookie_constants() is called, where the cookie prefix cannot be guessed.

The current workaround is to stab at each cookie individually:

// Auth cookie
if ( defined( 'AUTH_COOKIE' ) && ( $this->cookie === AUTH_COOKIE ) ) {
	return true;
}

// User cookie
if ( defined( 'USER_COOKIE' ) && ( $this->cookie === USER_COOKIE ) ) {
	return true;
}

// Logged-in cookie
if ( defined( 'LOGGED_IN_COOKIE' ) && ( $this->cookie === LOGGED_IN_COOKIE ) ) {
	return true;
}

And to special case the test cookie, like:

// Generic 'wordpress' cookies (that are not test cookies)
if ( ( substr( $this->cookie, 0, 9 ) === 'wordpress' ) && ( $this->cookie !== 'wordpress_test_cookie' ) ) {
	return true;
}

But without a known and trusted cookie prefix, it's still an unpredictable environment.


I'd like to re-propose an 8-year-old issue (#6413) to introduce a new default constant to define a cookie prefix. This could turn the above snippet into something at least slightly more sane, like:

// Generic 'wordpress' cookies (that are not test cookies)
if ( defined( 'COOKIEPREFIX' ) ) {
	$len = strlen( COOKIEPREFIX );
	if ( ( substr( $this->cookie, 0, $len ) === COOKIEPREFIX ) && ( false === strpos( $this->cookie, 'test_cookie', $len ) ) ) {
		return true;
	}
}

A COOKIEPREFIX constant would also allow plugins an easy way to drop themselves inside of WordPress's cookie namespace, which will help them play more nicely in environments where WordPress is not the only application within the domain.
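
As an added illustration (not code from the ticket or from WordPress core), the check the description proposes can be written as one function for an advanced-cache.php drop-in that decides whether a request must skip the page cache. COOKIEPREFIX is the constant the ticket proposes and does not exist in core; the function name, the fallback to 'wordpress', the exact-match `<prefix>_test_cookie` name and the sample cookies are assumptions.

```php
<?php
// Added example, not WordPress core code. COOKIEPREFIX is the constant this
// ticket proposes; the function name below is hypothetical.

/**
 * Decide whether a request must skip the page cache because it carries a
 * cookie in the WordPress namespace other than the test cookie.
 *
 * @param array $cookies Cookie name => value map (normally $_COOKIE).
 */
function example_request_bypasses_cache( array $cookies ): bool {
	// Before wp_cookie_constants() runs the prefix may be unknown, so fall
	// back to the hard-coded 'wordpress' namespace the ticket describes.
	$prefix = ( defined( 'COOKIEPREFIX' ) && is_string( COOKIEPREFIX ) && '' !== COOKIEPREFIX )
		? COOKIEPREFIX
		: 'wordpress';
	$len = strlen( $prefix );

	foreach ( array_keys( $cookies ) as $name ) {
		// PHP turns numeric cookie names into integer array keys.
		$name = (string) $name;

		if ( 0 !== strncmp( $name, $prefix, $len ) ) {
			continue; // Outside the WordPress cookie namespace.
		}
		if ( $name === $prefix . '_test_cookie' ) {
			continue; // The test cookie does not indicate a logged-in user.
		}
		return true; // Any other namespaced cookie: do not serve from cache.
	}
	return false;
}

// Constructed sample input (cookie names and values are made up).
$samples = array(
	'anonymous' => array( '_ga' => 'GA1.2.1', 'wordpress_test_cookie' => 'WP Cookie check' ),
	'logged in' => array( 'wordpress_logged_in_0123abcd' => 'user|1700000000|token' ),
	'numeric'   => array( 123 => 'x' ),
);
foreach ( $samples as $label => $cookies ) {
	printf( "%-10s bypass=%s\n", $label, example_request_bypasses_cache( $cookies ) ? 'yes' : 'no' );
}
```

Treating every unrecognised cookie inside the namespace as a reason to bypass keeps the failure mode on the safe side: a page may be rendered uncached unnecessarily, but a response built for an authenticated user is not stored and served to others.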

Change History (2)

#1 @johnjamesjacoby
9 years ago

  • Description modified (diff)

#2 @johnjamesjacoby
9 years ago

  • Description modified (diff)