[wp-trac] [WordPress Trac] #24025: Calling is_user_logged_in() causes the "wordpress_logged_in[HASH]" cookie to be set.
WordPress Trac
noreply at wordpress.org
Wed Apr 10 04:43:57 UTC 2013
#24025: Calling is_user_logged_in() causes the "wordpress_logged_in[HASH]" cookie
to be set.
-----------------------------+--------------------------
Reporter: tomdkat | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: General
Version: 3.5.1 | Severity: normal
Keywords: |
-----------------------------+--------------------------
While troubleshooting some malfunctioning plugins, I discovered the
"is_user_logged_in()" function causes the "wordpress_logged_in[HASH]"
cookie to be set. The "is_user_logged_in()" function calls the
"wp_validate_auth_cookie()" function, as part of its processing, and it's
"wp_validate_auth_cookie()" which actually sets the logged in cookie. I'm
reporting this behavior as a bug in "is_user_logged_in()" because I think
"is_user_logged_in()" should simply check to see if the current user is
logged in or not and not cause any cookies or status to be set or changed.
This behavior caused the W3 Total Cache and Login Security Solution
plugins to not properly function in my Wordpress installation. The site
in question has pages only and no blog. The custom theme being used
called "is_user_logged_in()" to enable some links in the footer of the
page if the current website visitor was logged in. Since my site has no
blog, there would never be a case where a visitor would be "logged in" yet
the call to "is_user_logged_in()" resulted in the
"wordpress_logged_in[HASH]" cookie to be set.
You can see some discussion I had with the author of the "Login Security
Solution" plugin here:
http://wordpress.org/support/topic/help-needed-with-login-security-
solution-0340-problem
Currently, my custom theme has the call to "is_user_logged_in()" commented
out so I'm not experiencing the problem. I can enable this call to gather
some debugging information, if necessary.
The way I found the issue was using the "Live HTTP Headers" Firefox plugin
to monitor the HTTP traffic between my browser and the server and I would
see the "wordpress_logged_in[HASH]" cookie being referenced even though I
never logged in to Wordpress, at that point.
Please let me know if there's anything else I can do to gather information
regarding this issue.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24025>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list