[wp-trac] [WordPress Trac] #27162: Don't store admin messages in transients

WordPress Trac noreply at wordpress.org
Thu Feb 20 02:52:24 UTC 2014


#27162: Don't store admin messages in transients
----------------------------+-----------------------------
 Reporter:  rmccue          |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  low             |  Milestone:  Awaiting Review
Component:  Administration  |    Version:
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 The settings errors API (`add_settings_error`/`get_settings_errors`) in
 core uses transients to store messages across requests. Unfortunately,
 this is a misuse of transients, as [http://journal.ryanmccue.info/296
 /youre-using-transients-wrong/ transients are not guaranteed to exist] for
 any length of time.

 I've noticed this issue appear in two separate scenarios:

 * When flushing the cache (after a deploy, e.g.): If you happen to flush
 the object cache between a `add_settings_error` call and the next page
 load, the message will disappear forever
 * When disabling caching for testing purposes, the error will never be
 set/read (depending on how you disable it)

 ----

 There's a few options I can see to fix this:

 * Store them in options/usermeta: This keeps all the logic on the backend,
 but causes potentially costly writes to the database
 * Store them in cookies (session data): This avoids the database write,
 but means we have to send extra data via the HTTP server, which might be
 filtering cookies (inbound and outbound). It also means we need to set a
 hash using a secret key to avoid allowing users to edit their cookies.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27162>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list