[wp-trac] [WordPress Trac] #15243: Incorrect user is set when using Ajax Nonces over HTTPS Connection

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 28 18:29:44 UTC 2010


#15243: Incorrect user is set when using Ajax Nonces over HTTPS Connection
----------------------------+-----------------------------------------------
 Reporter:  jeremysawesome  |       Owner:                                                
     Type:  defect (bug)    |      Status:  new                                           
 Priority:  normal          |   Milestone:  Awaiting Review                               
Component:  General         |     Version:  3.0.1                                         
 Severity:  normal          |    Keywords:  ajax, user, nonce, verify, https, fail, secure
----------------------------+-----------------------------------------------

Comment(by jeremysawesome):

 Here is also a second attempt that illustrates the same issue:

 {{{
 Attempt 2 OVER HTTPS:
    ---------- When not logged in wp_create_nonce ----------
    Array
    (
       [user_id] => 0
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => d0a78cb732
    )

    ---------- When not logged in wp_verify_nonce ----------
    Array
    (
       [user_id] => 0
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => d0a78cb732
    )

    ---------- When logged in wp_create_nonce ----------
    Array
    (
       [user_id] => 1
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => 75855d4e1d
    )

    ---------- When logged in wp_verify_nonce ----------
    Array
    (
       [user_id] => 0
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => d0a78cb732
    )

 Attempt 2 OVER HTTP:
    ---------- When not logged in wp_create_nonce ----------
    Array
    (
       [user_id] => 0
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => d0a78cb732
    )

    ---------- When not logged in wp_verify_nonce ----------
    Array
    (
       [user_id] => 0
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => d0a78cb732
    )

    ---------- When logged in wp_create_nonce ----------
    Array
    (
       [user_id] => 1
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => 75855d4e1d
    )

    ---------- When logged in wp_verify_nonce ----------
    Array
    (
       [user_id] => 1
       [i] => 29810
       [action] => dna_wpec_reps_nonce
       [wp_hash] => 75855d4e1d
    )
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15243#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
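
The dumps above show the nonce hash changing with `user_id`, so a nonce created for user 1 cannot verify once the Ajax request resolves to user 0. The sketch below is an added example, not code from the ticket or from WordPress: it models the 3.0-era computation (HMAC-MD5 over tick, action and user id), and the `model_*` names, the salt and the timestamp are constructed assumptions, so the hashes will not match the ones in the dumps.

```php
<?php
// Stand-alone model of WordPress 3.0-era nonce handling (illustrative only).
// SALT is a constructed placeholder; a real site derives its key via wp_salt().
const SALT = 'constructed-example-salt';
const NONCE_LIFE = 86400; // seconds; one tick is half of this

function model_nonce_tick(int $now): int {
    return (int) ceil($now / (NONCE_LIFE / 2));
}

// Mirrors substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10):
// the user id is part of the MAC input, so it is bound into the nonce.
function model_nonce_hash(int $i, string $action, int $uid): string {
    return substr(hash_hmac('md5', $i . $action . $uid, SALT), -12, 10);
}

function model_create_nonce(string $action, int $uid, int $now): string {
    return model_nonce_hash(model_nonce_tick($now), $action, $uid);
}

// Returns 1 (current tick), 2 (previous tick) or false.
// hash_equals() is used here for a constant-time compare (PHP >= 5.6).
function model_verify_nonce(string $nonce, string $action, int $uid, int $now) {
    $i = model_nonce_tick($now);
    if (hash_equals(model_nonce_hash($i, $action, $uid), $nonce)) {
        return 1;
    }
    if (hash_equals(model_nonce_hash($i - 1, $action, $uid), $nonce)) {
        return 2;
    }
    return false;
}

$action = 'dna_wpec_reps_nonce';  // action name taken from the dumps
$now    = 29810 * 43200 - 100;    // constructed timestamp inside tick 29810

// The page is rendered for the logged-in user, so the nonce is bound to uid 1.
$nonce = model_create_nonce($action, 1, $now);

// HTTP case in the dumps: the verifying request still resolves to uid 1.
var_dump(model_verify_nonce($nonce, $action, 1, $now));

// HTTPS case in the dumps: the verifying request resolves to uid 0,
// so the recomputed hash differs and verification fails.
var_dump(model_verify_nonce($nonce, $action, 0, $now));
```

When a nonce check fails only on one scheme, logging the user id seen at creation and at verification, as the reporter did, separates an identity-resolution problem from an expired tick or a wrong action string.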