[wp-trac] [WordPress Trac] #23295: Improved login expiration warning
WordPress Trac
noreply at wordpress.org
Fri Jul 12 01:46:41 UTC 2013
#23295: Improved login expiration warning
-------------------------------------------------+------------------
Reporter: mintindeed | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 3.6
Component: Autosave | Version:
Severity: normal | Resolution:
Keywords: autosave-redo has-patch ui-feedback |
-------------------------------------------------+------------------
Comment (by azaozz):
> 5 min is OK if the user dismisses the dialog, but speaking from
experience (dozens/hundreds of users over multiple sites) a 5 min delay
for the initial check is too long.
Ah, I see where the problem is. The login
[http://core.trac.wordpress.org/browser/trunk/wp-
includes/pluggable.php#L528 grace period], doesn't work when the user
clicks "Remember Me" on the login screen. The cookies are set with the
same expiration time as the `$expiration`
[http://core.trac.wordpress.org/browser/trunk/wp-
includes/pluggable.php#L651 component] in the actual cookie. And when that
time comes, the browser sends no cookies and the `$expired +=
HOUR_IN_SECONDS;` is pointless. This works when the Remember Me in not
checked as the cookies are set for the session, i.e. last as long as the
browser is open.
There are two ways to fix this:
- Set `$GLOBALS['login_grace_period']` at least 15 min earlier than the
`$expiration` component of the cookie, giving the user some head start to
log in.
- Set the cookie expiration 1 hour after the `$expiration` component when
Remember Me is checked.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23295#comment:76>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list