[wp-trac] [WordPress Trac] #42833: WordPress forces non-ssl login in described circumstance even though FORCE_SSL_ADMIN is set in wp-config (was: Wordpress forces non-ssl login in described circumstance even though FORCE_SSL_ADMIN is set in wp-config)

WordPress Trac noreply at wordpress.org
Tue Sep 21 05:54:43 UTC 2021


#42833: WordPress forces non-ssl login in described circumstance even though
FORCE_SSL_ADMIN is set in wp-config
----------------------------+------------------------------
 Reporter:  geomouchet      |       Owner:  (none)
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:  4.9.1
 Severity:  normal          |  Resolution:
 Keywords:  needs-testing   |     Focuses:
----------------------------+------------------------------
Changes (by mikeschroder):

 * keywords:   => needs-testing


Old description:

> Wordpress provides an http login page in this circumstance:
>
> 1. Put the following in wp-config.php:  define('FORCE_SSL_ADMIN', true);
> 2. Log into your Wordpress site via wp-login.php with an admin login.
> 3. Click Visit Site (home icon) at the top of the page.
> 4. Open a new browser tab.
> 5. Log into your Wordpress site in the new tab via wp-login.php.
> 6. Go back to previous tab.
> 7. Click on Edit Page.
>
> It then displays the login box with http instead of https.  (Ideally it
> would not require a new login at all, but instead would use the session
> from the new tab.)

New description:

 Wordpress provides an http login page in this circumstance:

 1. Put the following in wp-config.php:  define('FORCE_SSL_ADMIN', true);
 2. Log into your WordPress site via wp-login.php with an admin login.
 3. Click Visit Site (home icon) at the top of the page.
 4. Open a new browser tab.
 5. Log into your Wordpress site in the new tab via wp-login.php.
 6. Go back to previous tab.
 7. Click on Edit Page.

 It then displays the login box with http instead of https.  (Ideally it
 would not require a new login at all, but instead would use the session
 from the new tab.)

--

Comment:

 Hi @geomouchet!

 Thanks so much for the report, and my apologies that it's been so long
 without a reply.

 This ticket came up in
 [https://wordpress.slack.com/archives/C02RQBWTW/p1632202929418500 a triage
 session today].

 Unfortunately, no one present at that time had an environment set up to
 test to see if this is still an issue.

 More fortunately, there have been a lot of HTTPS related improvements
 since the ticket was created, and there's a good chance that it has been
 resolved.

 Would you mind testing to see if this is still an issue for you?

 Thanks again!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/42833#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

