[wp-trac] [WordPress Trac] #9752: conflict: cookies with security features (auth, secure_auth, logged_in, nonce keys)

WordPress Trac wp-trac at lists.automattic.com
Thu May 7 19:56:15 GMT 2009


#9752: conflict: cookies with security features (auth, secure_auth, logged_in,
nonce keys)
----------------------------+-----------------------------------------------
 Reporter:  norwat          |       Owner:  anonymous        
     Type:  defect (bug)    |      Status:  new              
 Priority:  normal          |   Milestone:  Unassigned       
Component:  Administration  |     Version:  2.7.1            
 Severity:  major           |    Keywords:  security, cookies
----------------------------+-----------------------------------------------
 Since upgrading to WP 2.7, and including WP security features in config
 file (auth, secure_auth, logged_in, nonce keys), I have had some very
 inconsistent results working as administrator in Dashboard.

 I have two blogs on one domain.  I have tried a number of combinations:
 different security keys in config files for both blogs, same security keys
 in config files, different administrator usernames and passwords, same
 username and passwords.  But none of it seems to make a difference, I
 always get the same results.  I am able to work as administrator for a
 period, and then the dashboard freezes and keeps sending me to Log-in
 page.   The only way to get things started again, is to clear cookies,
 relaunch browser, log in and out as various users, and after some
 combination of these (it appears to be different each time), I am able to
 log-in.  Especially after one calendar date has passed.

 I am really, really frustrated by this problem.  There appears to be a bug
 or some conflict between cookies in all browsers (firefox, safari, camino,
 on Mac OS), and security features with WordPress, especially with two
 blogs located on one domain.

 Is there a fix for this ... is there something I have missed in setting up
 blogs and configuring settings for multiple blogs on a single domain.
 Right now, I have removed security features, and everything is working
 beautifully.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9752>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list