#47480 closed enhancement (fixed)
Set expiration of the recovery mode cookie
Reported by: | david.binda | Owned by: | sergey |
---|---|---|---|
Milestone: | 5.3 | Priority: | normal |
Severity: | normal | Version: | 5.2 |
Component: | Site Health | Keywords: | servehappy commit has-patch |
Focuses: | Cc: |
Description
The recovery mode cookie is set with no expiration, but any request containing a recovery mode cookie is handled by WordPress as a request which is attempting to enter the recovery mode and the validity of the cookie is being checked during the request processing, which includes a expiration of the cookie (by default set to a week).
It means that whenever a recovery mode is entered and not properly existed via a button in wp-admin, the recovery cookie stays in the browser and WordPress would eventually presents a wp_die
error page to a user who did not exit the recovery mode by expected path. The UI is quite rough, as it requires the user to manually reload the page in order to access their WordPress site again.
It feels like such an edge-case could be mitigated by setting the cookie's expiration to the same amount of time for which the token in it is valid - eg.: to a week by default.
Attachments (2)
Change History (14)
#3
@
6 years ago
Thanks for the feedback @TimothyBlynJacobs ! I've just uploaded an enhanced diff.
Just to explain the original notation - I've been following an example in wp_set_auth_cookie, which does the same stuff. But I'm fine with either :)
Please, let me know if it works for you, thanks!
This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.
5 years ago
#5
@
5 years ago
- Keywords needs-refresh added
- Milestone changed from Awaiting Review to 5.3
Marking at 5.3 for merge. @davidbinda can you update the docs and I will get this merged.
#6
@
5 years ago
@spacedmonkey , sure, just, I'm not really sure how the docs should be updated. Do you think the since doc? The filter actually exists since 5.2. Or should the docs for the filter mention that the length is actually not used only for validity, but also for the cookie expiration? Thanks for clarifying this!
This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.
5 years ago
#9
@
5 years ago
- Keywords needs-patch commit added; needs-refresh has-patch removed
- Owner set to sergey
- Status changed from new to assigned
@david.binda You are right. Forget me. I will mark this for commit.
This gets a +1 from me. But I think the
apply_filters
call and thetime() +
expression should probably be separated into two different statements.$length = apply_filters();
$expire = time() + $length;