[wp-trac] [WordPress Trac] #12194: using FORCE_SSL_LOGIN and wp-login.php?redirect_to=somepage sometimes redirects to https
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 10 22:35:19 UTC 2010
#12194: using FORCE_SSL_LOGIN and wp-login.php?redirect_to=somepage sometimes
redirects to https
---------------------------+------------------------------------------------
Reporter: vanillaxtrakt | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version: 2.8.6
Severity: normal | Keywords: FORCE_SSL_LOGIN FORCE_SSL_ADMIN wp-login.php redirect SSL https
---------------------------+------------------------------------------------
I'm using Wordpress MU 2.8.6, and this also seems to occur in Wordpress
2.7.1.
If you have FORCE_SSL_LOGIN enabled in wp-config.php, are logged out of
Wordpress, and visit any page through wp-login.php?redirect_to=somepage,
it will redirect to https.
For example, if you're not logged in and you visit:
http://blog.example.com/wp-login.php?redirect_to=/
after logging in, it will send you to:
https://blog.example.com/
or if you visit (once again, you have to be logged out):
http://blog.example.com/wp-login.php?redirect_to=/feed/
it will send you to:
https://blog.example.com/feed/
It doesn't appear to do this for backend pages (wp-admin).
This bug shows up particularly when using plugins that make you log in to
see protected blog content, such as the More Privacy Options plugin,
although the bug manifests itself with or without those plugins installed.
I enabled FORCE_SSL_ADMIN and tested the same thing, and it creates a
redirect loop.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12194>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list