Opened 10 years ago
Last modified 7 years ago
#36317 new enhancement
Introduce a cookie prefix default constant
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Login and Registration | Keywords: | 2nd-opinion |
| Focuses: | Cc: |
Description (last modified by )
Right now, all of WordPress's cookies are prefixed with the same wordpress namespace. A problem arises with advanced-cache.php caching solutions that load before wp_cookie_constants() is called, where the cookie prefix cannot be guessed.
The current work around is to stab at each cookie individually:
// Auth cookie
if ( defined( 'AUTH_COOKIE' ) && ( $this->cookie === AUTH_COOKIE ) ) {
return true;
}
// User cookie
if ( defined( 'USER_COOKIE' ) && ( $this->cookie === USER_COOKIE ) ) {
return true;
}
// Logged-in cookie
if ( defined( 'LOGGED_IN_COOKIE' ) && ( $this->cookie === LOGGED_IN_COOKIE ) ) {
return true;
}
And to special case the test cookie, like:
// Generic 'wordpress' cookies (that are not test cookies)
if ( ( substr( $this->cookie, 0, 9 ) === 'wordpress' ) && ( $this->cookie !== 'wordpress_test_cookie' ) ) {
return true;
}
But without a known and trusted cookie prefix, it's still an unpredictable environment.
I'd like to re-propose an 8 year old issue (#6413) to introduce a new default constant to define a cookie prefix. This could turn the above snippet into something at least slightly more sane, like:
// Generic 'wordpress' cookies (that are not test cookies)
if ( defined( 'COOKIEPREFIX' ) ) {
$len = strlen( COOKIEPREFIX );
if ( substr( $this->cookie, 0, $len ) === COOKIEPREFIX ) && ( false !== strpos( $this->cookie, 'test_cookie', $len ) ) {
return true;
}
}
A COOKIEPREFIX constant would also allow plugins an easy way to drop themselves inside of WordPress's cookie namespace, which will help them play more nicely in environments where WordPress is not the only application within the domain.