[wp-meta] [Making WordPress.org] #5239: Bring BuddyPress.org & bbPress.org login forms over to login.wordpress.org

Making WordPress.org noreply at wordpress.org
Fri Jun 19 00:13:27 UTC 2020


#5239: Bring BuddyPress.org & bbPress.org login forms over to login.wordpress.org
------------------------------------+---------------------
 Reporter:  dd32                    |       Owner:  (none)
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:
Component:  Login & Authentication  |  Resolution:
 Keywords:                          |
------------------------------------+---------------------

Comment (by dd32):

 Replying to [comment:16 johnjamesjacoby]:
 > Most severely, when trying to visit `buddypress.org/support` as a
 logged-out user, you will be redirected back to `wordpress.org`,
 essentially making the BuddyPress.org forums impossible to reach.
 bbPress.org's forums do not appear to be affected by this problem (perhaps
 because their url is `/forums`, but I'm not certain?)

 I can't reproduce that, the redirects only kick in on attempt to login.
 Can you capture any debug information about that?
 Could it be related to an auto-login browser extension?

 > But then... clicking "Log Out" successfully clears the BuddyPress.org
 cookies and redirects back to the current page, but the WordPress.org
 cookies do not get cleared.
 Figuring out a way to have a logout on one site reflected over all of them
 would be nice, but right now we're a little stuck as we're not using
 server-side sessions, it's not currently possible to invalidate a dotorg
 auth cookie without actually deleting it.

 > Clicking "Log In" will immediately log you in without ever seeing a
 login screen, presumably because the WordPress.org cookie exists and the
 redirect is functioning as intended.
 Yep, Having some kind of oAuth-like (but not oAuth..) "Continue as $logged
 in user" would make sense here IMHO, it would make it clear as to what is
 happening.

 > Ultimately, this results in a limbo sign-in state that users cannot
 fully free themselves from.
 Kind of, but not completely. It's no worse than the previous state (IMHO),
 where the login status on BuddyPress.org, bbPress.org and WordPress.org
 would all be independent of each other, the only change here is that the
 WordPress.org login state can be "promoted" to the other sites

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/5239#comment:19>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list