[wp-trac] [WordPress Trac] #60090: Double login with cloned wordpress instance
WordPress Trac
noreply at wordpress.org
Mon Dec 18 08:21:23 UTC 2023
#60090: Double login with cloned wordpress instance
-------------------------------------------------+-------------------------
 Reporter:  vchn                                 |      Owner:  (none)
     Type:  defect (bug)                         |     Status:  new
 Priority:  normal                               |  Milestone:  Awaiting Review
Component:  Security                             |    Version:  6.4.2
 Severity:  major                                |   Keywords:
  Focuses:  administration, performance, privacy |
-------------------------------------------------+-------------------------
We use the Flatsome theme and, from cPanel, use the WordPress Manager by
Softaculous feature to clone a "live" WordPress to a new "staging" website.
The "live" one is in domain: something.edu.vn
The "staging" one is in domain: stage.something.edu.vn
Both websites use single hosting, i.e. no CDN installed.
As they are cloned from one another, the two sites have the same config
salt keys (SECURE_AUTH_SALT, AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT,
LOGGED_IN_SALT, NONCE_SALT).
Open the staging site, log in with an admin user (e.g. ''adminuser'').
Open a new tab in the same browser.
Browse the "live" site, just refresh a few times, then we see that
''adminuser'' is logged in to the "live" site.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60090>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
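
An added example, not part of the ticket or of WordPress itself: a check that reads two wp-config.php files and reports which secret constants a clone still shares with its source, without printing the values. The helper names and sample configs are constructed for illustration; SECURE_AUTH_KEY is included because WordPress defines it alongside the seven constants the ticket lists.

```python
import re

# The eight secret constants WordPress reads from wp-config.php.
SECRET_CONSTANTS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

# Matches define( 'NAME', 'value' ) with single or double quotes.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*(['"])(?P<value>(?:\\.|(?!\3).)*)\3\s*\)""",
    re.DOTALL,
)

def read_secrets(config_text):
    """Return {constant: value} for the secret constants found in the text."""
    return {
        m.group("name"): m.group("value")
        for m in DEFINE_RE.finditer(config_text)
        if m.group("name") in SECRET_CONSTANTS
    }

def compare_configs(live_text, staging_text):
    """Classify each constant; only statuses are returned, never the secrets."""
    live, staging = read_secrets(live_text), read_secrets(staging_text)
    report = {}
    for name in SECRET_CONSTANTS:
        a, b = live.get(name), staging.get(name)
        if a is None or b is None:
            report[name] = "missing"      # not defined in one of the files
        elif PLACEHOLDER in (a, b):
            report[name] = "placeholder"  # never replaced after install
        elif a == b:
            report[name] = "shared"       # clone still uses the source's secret
        else:
            report[name] = "distinct"
    return report

# Constructed sample configs (values are made up for this example).
LIVE = """
define( 'AUTH_KEY',       'k1-live-and-clone' );
define( 'LOGGED_IN_SALT', "s1-live-and-clone" );
define( 'NONCE_SALT',     'n1-live-only' );
"""
STAGING = LIVE.replace("n1-live-only", "n1-regenerated-on-staging")

if __name__ == "__main__":
    for name, status in compare_configs(LIVE, STAGING).items():
        print(f"{name:17} {status}")
```

Constants reported as shared can be given fresh values on the staging copy; changing them invalidates the login cookies already issued by that site.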