[wp-meta] [Making WordPress.org] #5239: Bring BuddyPress.org & bbPress.org login forms over to login.wordpress.org
Making WordPress.org
noreply at wordpress.org
Fri Jun 19 00:13:27 UTC 2020
#5239: Bring BuddyPress.org & bbPress.org login forms over to login.wordpress.org
------------------------------------+---------------------
Reporter: dd32 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Login & Authentication | Resolution:
Keywords: |
------------------------------------+---------------------
Comment (by dd32):
Replying to [comment:16 johnjamesjacoby]:
> Most severely, when trying to visit `buddypress.org/support` as a
logged-out user, you will be redirected back to `wordpress.org`,
essentially making the BuddyPress.org forums impossible to reach.
bbPress.org's forums do not appear to be affected by this problem (perhaps
because their url is `/forums`, but I'm not certain?)
I can't reproduce that, the redirects only kick in on attempt to login.
Can you capture any debug information about that?
Could it be related to an auto-login browser extension?
> But then... clicking "Log Out" successfully clears the BuddyPress.org
cookies and redirects back to the current page, but the WordPress.org
cookies do not get cleared.
Figuring out a way to have a logout on one site reflected over all of them
would be nice, but right now we're a little stuck as we're not using
server-side sessions, it's not currently possible to invalidate a dotorg
auth cookie without actually deleting it.
> Clicking "Log In" will immediately log you in without ever seeing a
login screen, presumably because the WordPress.org cookie exists and the
redirect is functioning as intended.
Yep, Having some kind of oAuth-like (but not oAuth..) "Continue as $logged
in user" would make sense here IMHO, it would make it clear as to what is
happening.
> Ultimately, this results in a limbo sign-in state that users cannot
fully free themselves from.
Kind of, but not completely. It's no worse than the previous state (IMHO),
where the login status on BuddyPress.org, bbPress.org and WordPress.org
would all be independent of each other, the only change here is that the
WordPress.org login state can be "promoted" to the other sites
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5239#comment:19>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list