[wp-trac] [WordPress Trac] #15243: Incorrect user is set when using Ajax Nonces over HTTPS Connection
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 28 18:29:44 UTC 2010
#15243: Incorrect user is set when using Ajax Nonces over HTTPS Connection
----------------------------+-----------------------------------------------
Reporter: jeremysawesome | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.0.1
Severity: normal | Keywords: ajax, user, nonce, verify, https, fail, secure
----------------------------+-----------------------------------------------
Comment(by jeremysawesome):
Here is also a second attempt that illustrates the same issue:
{{{
Attempt 2 OVER HTTPS:
---------- When not logged in wp_create_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When not logged in wp_verify_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When logged in wp_create_nonce ----------
Array
(
[user_id] => 1
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => 75855d4e1d
)
---------- When logged in wp_verify_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
Attempt 2 OVER HTTP:
---------- When not logged in wp_create_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When not logged in wp_verify_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When logged in wp_create_nonce ----------
Array
(
[user_id] => 1
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => 75855d4e1d
)
---------- When logged in wp_verify_nonce ----------
Array
(
[user_id] => 1
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => 75855d4e1d
)
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15243#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list