[wp-trac] [WordPress Trac] #23295: Improved login expiration warning

WordPress Trac noreply at wordpress.org
Fri Jul 12 01:46:41 UTC 2013

#23295: Improved login expiration warning
 Reporter:  mintindeed                           |       Owner:
     Type:  task (blessed)                       |      Status:  new
 Priority:  normal                               |   Milestone:  3.6
Component:  Autosave                             |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  autosave-redo has-patch ui-feedback  |

Comment (by azaozz):

 > 5 min is OK if the user dismisses the dialog, but speaking from
 experience (dozens/hundreds of users over multiple sites) a 5 min delay
 for the initial check is too long.

 Ah, I see where the problem is. The login
 includes/pluggable.php#L528 grace period], doesn't work when the user
 clicks "Remember Me" on the login screen. The cookies are set with the
 same expiration time as the `$expiration`
 includes/pluggable.php#L651 component] in the actual cookie. And when that
 time comes, the browser sends no cookies and the `$expired +=
 HOUR_IN_SECONDS;` is pointless. This works when the Remember Me in not
 checked as the cookies are set for the session, i.e. last as long as the
 browser is open.

 There are two ways to fix this:
 - Set `$GLOBALS['login_grace_period']` at least 15 min earlier than the
 `$expiration` component of the cookie, giving the user some head start to
 log in.
 - Set the cookie expiration 1 hour after the `$expiration` component when
 Remember Me is checked.

Ticket URL: <http://core.trac.wordpress.org/ticket/23295#comment:76>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list