[wp-trac] [WordPress Trac] #27373: "Cookies are blocked" error is misleading

Wed Mar 12 11:02:05 UTC 2014

#27373: "Cookies are blocked" error is misleading
------------------------------------+-----------------
 Reporter:  SergeyBiryukov          |      Owner:
     Type:  defect (bug)            |     Status:  new
 Priority:  normal                  |  Milestone:  3.9
Component:  Login and Registration  |    Version:  3.7
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------
 A lot of users reported
 [https://www.google.com/search?q=%22Cookies+are+blocked+or+not+supported%22
 ""Cookies are blocked or not supported by your browser""] error on login
 page after the upgrade to 3.7. Most of the time it has nothing to do with
 their browser.

 Before 3.7, the presence of the test cookie was only checked in case of an
 invalid username or password.

 Since [25045], we always check the test cookie before calling
 `wp_signon()`. This made the issue much more prominent. Here are some
 scenarios to reproduce it:

 1. [http://wordpress.org/support/topic/cookies-are-blocked-or-not-
 supported-since-update-to-371/page/4?replies=105#post-4907345 "Some
 proxy/caching servers"] (e.g. Varnish) are configured to not allow setting
 cookies on GET requests. On a second attempt (after a POST request has
 been made), user is able to log in.
 2. One of the active plugins (or the theme's `functions.php` file)
 produces unexpected output, causing a "headers already sent" warning and
 consequently preventing WordPress from setting the test cookie.
 3. [https://en.wikipedia.org/wiki/Byte_order_mark UTF-8 byte order mark]
 in `wp-config.php` (or theme's `functions.php` file) has the same effect
 as above.
 4. [http://wordpress.org/support/topic/error-cookies-are-blocked-or-not-
 supported-by-your-browser-1?replies=10#post-5172053 Invalid COOKIE_DOMAIN
 value] in `wp-config.php`. According to the original
 [http://curl.haxx.se/rfc/cookie_spec.html cookie specification], the
 domain value, if specified, must have at least two dots, so
 [http://stackoverflow.com/questions/1134290/cookies-on-localhost-with-
 explicit-domain 'localhost' is invalid].
 5. [http://wordpress.org/support/topic/cookies-are-blocked-or-not-
 supported-by-your-browser-1?replies=18#post-5003387 CloudFlare caching
 rules] prevent the test cookie from being set.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27373>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform