[wp-trac] [WordPress Trac] #25287: 3.6 introduced a cookie with a non-"wordpress_" prefix. Some reverse proxy setups affected.
WordPress Trac
noreply at wordpress.org
Wed Oct 9 21:37:27 UTC 2013
#25287: 3.6 introduced a cookie with a non-"wordpress_" prefix. Some reverse proxy
setups affected.
--------------------------+--------------------
Reporter: markjaquith | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6.2
Component: General | Version: 3.6
Severity: normal | Resolution:
Keywords: |
--------------------------+--------------------
Comment (by azaozz):
Replying to [comment:4 johnbillion]:
> Modify the server-side `setcookie()` so it also includes `COOKIEPATH`
and `COOKIE_DOMAIN`.
> Ensure that the path and domain arguments used when the cookie set
client-side match these. This is in the `wpCookies` JS class.
When setting a cookie, if the domain part is not set, the cookie is set
only for the current page. In this case it is set only for [blog-domain
]/wp-admin/post.php. Also if the expire time/date is not set, it is a
"session cookie" lasting until the browser quits. Don't think we need
`COOKIEPATH` and `COOKIE_DOMAIN`, this cookie is not used on any other
page in the admin.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25287#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list