[wp-trac] [WordPress Trac] #25287: 3.6 introduced a cookie with a non-"wordpress_" prefix. Some reverse proxy setups affected.
WordPress Trac
noreply at wordpress.org
Wed Sep 11 22:55:42 UTC 2013
#25287: 3.6 introduced a cookie with a non-"wordpress_" prefix. Some reverse proxy
setups affected.
--------------------------+-------------------
Reporter: markjaquith | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6.2
Component: General | Version: 3.6
Severity: normal | Keywords:
--------------------------+-------------------
A common thing to do in Varnish caching/LB layers is to drop cookies that
don't match a whitelist when forwarding requests on to application
servers. We should avoid new cookies that aren't prefixed with
"wordpress_" so that those rules don't have to be updated as WordPress
adds new cookies. Instead, a generic rule that looks for "wordpress_" can
stay in place (in addition to ones related to comments and other long-
established WordPress cookies).
WordPress 3.6 introduced wp-saving-post-{$post->ID}. We should change that
to wordpress_saving_post_{$post->ID} (at the very least).
This issue was reported to me by Joshua Strebel at Page.ly.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25287>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list