Opened 8 years ago
Last modified 8 years ago
#40060 new defect (bug)
Define ADMIN_COOKIE_PATH cause unreachable /wp-login.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 4.7.3 |
| Component: | Users | Keywords: | |
| Focuses: | | Cc: | |
Description
If a user is logged in and tries to open the /wp-login.php page, he can never do this if ADMIN_COOKIE_PATH is set to root '/' (is equal to COOKIEPATH). Instead, a redirect to /wp-admin/ will occur. What is more, many functions will run twice during page load.
In a long chain of functions, the last one is wp_parse_auth_cookie(), which returns false to the many functions it is called from, which causes a "true" check in wp-login.php on line 814, where the unneeded redirect happens.
```php
<?php
if ( !is_wp_error($user) && !$reauth ) {
	...
	wp_redirect( $redirect_to );
	exit();
```
In the regular situation, wp_parse_auth_cookie() returns "false" when checking the auth cookie on wp-login.php from path '/', because the existing one is for the /wp-admin path. So wp-login.php loads normally.
```php
<?php
if ( empty($_COOKIE[$cookie_name]) )
	return false;
```
But if ADMIN_COOKIE_PATH is defined with a value that does not differ from COOKIEPATH or SITECOOKIEPATH, it returns "true" and redirects to /wp-admin/ forever.
Any ideas to solve this?
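The cookie path scoping behind this report, as an added example that is not part of the original ticket or of WordPress: a JavaScript model of the RFC 6265 path-match rule a browser applies when choosing which cookies to attach to a request. The cookie names are placeholders for the AUTH_COOKIE and LOGGED_IN_COOKIE constants, and the site is assumed to live at the root with COOKIEPATH equal to '/'.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie with this Path
// attribute attached to a request for requestPath?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so "/wp-admin"
  // does not match "/wp-administrator".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Constructed cookie jar for a logged-in user. Names are placeholders;
// adminPath stands in for ADMIN_COOKIE_PATH, cookiePath for COOKIEPATH.
function cookieJar(adminPath, cookiePath) {
  return [
    { name: "AUTH_COOKIE", path: adminPath },
    { name: "LOGGED_IN_COOKIE", path: cookiePath },
  ];
}

// Names of the cookies the browser sends with a request for requestPath.
function cookiesSent(jar, requestPath) {
  return jar.filter((c) => pathMatch(requestPath, c.path)).map((c) => c.name);
}

// True when the auth cookie reaches wp-login.php, the condition under
// which the ticket reports the redirect to /wp-admin/.
function authCookieReachesLogin(adminPath, cookiePath = "/") {
  return cookiesSent(cookieJar(adminPath, cookiePath), "/wp-login.php")
    .includes("AUTH_COOKIE");
}

const defaultJar = cookieJar("/wp-admin", "/"); // admin path scoped to /wp-admin
const widenedJar = cookieJar("/", "/");         // ADMIN_COOKIE_PATH set to '/'
for (const url of ["/wp-login.php", "/wp-admin/index.php", "/2017/03/post/"]) {
  console.log(url, "| default:", cookiesSent(defaultJar, url).join(","),
    "| ADMIN_COOKIE_PATH='/':", cookiesSent(widenedJar, url).join(","));
}
```

With the path widened to '/', the auth cookie is attached to every request on the site, front-end pages included, not only to wp-login.php.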
Change History (2)
#2
@
8 years ago
Temporary fix.
```php
<?php
add_action( 'login_init', 'deal_with_ADMIN_COOKIE_PATH' );

// On the login page, drop the auth cookie from $_COOKIE for this request
// when the admin cookie path is the same as the main cookie path.
function deal_with_ADMIN_COOKIE_PATH() {
	if ( ( isset( $_COOKIE[AUTH_COOKIE] ) || isset( $_COOKIE[SECURE_AUTH_COOKIE] ) ) && ADMIN_COOKIE_PATH == COOKIEPATH ) {
		unset( $_COOKIE[ isset( $_COOKIE[AUTH_COOKIE] ) ? AUTH_COOKIE : SECURE_AUTH_COOKIE ] );
	}
}
```
Is there ever a need for the main cookie path to differ from the admin path while the cookie names and their values are completely identical?