Logout when logged in from another browser in 6.8.1

[repli2dev]

Since upgrade to WP 6.8.1 we got plenty of complains about being logged out when logging from another browser (as the same user)... This did not happened before.

Reproduction steps:

• Docker compose DB + WP 6.7.2
• Setup new instance
• Upgrade via UI to WP 6.8.1
• Login in from one browser as the user
• Login from another browser as the same user
• Refresh the first browser
• Seeing logged out state

Downgrade to 6.8 fixes the issue.

[repli2dev]

Starting docker compose yaml

[repli2dev]

Trying to dig into the changes, could this be somehow related to the recent bcrypt change?

[repli2dev]

It was related somehow.

While the reproduction works, it seems that it only works once as the password hash is rehashed to bcrypt on first login which also force log out other user sessions.

It shouln't happen in a loop, but together with plugin for bcrypt it creates a loop when WP rehash it and save it while the plugin does the same but without the prefix... so each login rehash the password and force log out all user sessions.

After disabling the plugin the issue is fixed, so closing.

[johnbillion]

Thanks for the update @repli2dev . Which bcrypt plugin were you using?

[karthikeya01]

@johnbillion

I was able to reproduce the issue when the wp-password-bcrypt​https://github.com/roots/wp-password-bcrypt package (mu-plugin) is present. Removing the package resolves the issue. Also the plugin has been archived following the release of WordPress 6.8. ​https://roots.io/sunsetting-wp-password-bcrypt-with-wordpress-6-8/

[repli2dev]

@johnbillion

Yes I was using the mentioned ​https://github.com/roots/wp-password-bcrypt plugin too