[wp-trac] [WordPress Trac] #20276: Tie nonces and cookies to expirable sessions
WordPress Trac
noreply at wordpress.org
Thu May 29 20:35:51 UTC 2014
#20276: Tie nonces and cookies to expirable sessions
-------------------------------------------+------------------
 Reporter:  ryan                           |       Owner:
     Type:  task (blessed)                 |      Status:  new
 Priority:  normal                         |   Milestone:  4.0
Component:  Security                       |     Version:
 Severity:  normal                         |  Resolution:
 Keywords:  has-patch commit dev-feedback  |     Focuses:
-------------------------------------------+------------------

Comment (by jeremyfelt):

[https://core.trac.wordpress.org/attachment/ticket/20276/20276.5.diff
20276.5.diff] is pretty wonderful.

I'm still testing it locally, but I dig the extendability. I like the idea
of having a Gmail style "your other sessions" area. Sessions were created
for additional browsers as expected. When I invalidated the session in
Chrome, the session in Firefox remained valid.

One note so far—if the salt keys in wp-config.php are changed, the session
is invalidated as expected. However, the original session is not removed
from the DB and the new session piles on. This *could* cause clutter over
time.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/20276#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform