[wp-trac] [WordPress Trac] #29095: The get/set_user_setting fails on multisite/network with sub-domains

WordPress Trac noreply at wordpress.org
Wed Aug 13 03:34:16 UTC 2014

#29095: The get/set_user_setting fails on multisite/network with sub-domains
 Reporter:  azaozz              |       Owner:  azaozz
     Type:  defect (bug)        |      Status:  reopened
 Priority:  normal              |   Milestone:  4.0
Component:  Options, Meta APIs  |     Version:
 Severity:  normal              |  Resolution:
 Keywords:                      |     Focuses:

Comment (by azaozz):

 [29478] reverts most of [29362] keeping only whitespace/braces changes and
 adds `secure` when setting the cookie from JS. The actual fix is removing
 `COOKIE_DOMAIN` from the `'wp-settings-' . $user_id` cookies when setting
 them from PHP. That was added in [28895] probably by mistake, and I missed
 it the first time so [29362] didn't really fix it well.

 When a cookie is set with a domain, the browsers send it to that domain
 and to all sub-domains. When it is set without a domain, it is sent only
 to the current domain, not to any sub-domains. So if we set a cookie from
 `core.trac.wordpress.org` with a domain of `wordpress.org`, it will be
 sent to all other sub-domains. However if we set the same cookie without a
 domain, it will only be sent to the current site.

 The same is true for the "root" domain. A cookie set on `wordpress.org`
 with a domain of `wordpress.org` will be sent to all sub-domains. The same
 cookie set without a domain will be sent only to `wordpress.org`. Some
 info and links on
 [http://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path Wikipedia].

Ticket URL: <https://core.trac.wordpress.org/ticket/29095#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list