Make WordPress Core

Opened 7 years ago

Last modified 7 years ago

#40060 new defect (bug)

Define ADMIN_COOKIE_PATH cause unreachable /wp-login.php

Reported by: esemlabel's profile esemlabel Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7.3
Component: Users Keywords:
Focuses: Cc:


If user is logged in and tries to open /wp-login.php page, he never couldn't do this if ADMIN_COOKIE_PATH is set to root '/' (is equal to COOKIEPATH). Instead, the redirect to /wp-admin/ will occur. Even more, many of function during page load will run twice.

In a long route of functions, the last one is wp_parse_auth_cookie(), which return false to many functions called from, which cause "true" check in wp-login.php on line 814, where unneeded redirect happens.

if ( !is_wp_error($user) && !$reauth ) {
wp_redirect( $redirect_to );

In regular situation, wp_parse_auth_cookie() return "false" when checking auth cookie on wp-login.php from path '/', because existing one is for /wp-admin path. So wp-login.php loads normally.

if ( empty($_COOKIE[$cookie_name]) )
        return false;

But if ADMIN_COOKIE_PATH is defined with value, that not differs from COOKIEPATH or SITECOOKIEPATH - it return "true" and forever redirect to /wp-admin/.

Any ideas to solve this?

Change History (2)

#1 @esemlabel
7 years ago

Is there is ever need to different main cookie path from admin path while the cookie name and their values are completely identical?

#2 @esemlabel
7 years ago

Temporary fix.

add_action( 'login_init', 'deal_with_ADMIN_COOKIE_PATH' );
function deal_with_ADMIN_COOKIE_PATH() {
Note: See TracTickets for help on using tickets.