[wp-trac] [WordPress Trac] #29889: Login redirect to login page even if authenticated
WordPress Trac
noreply at wordpress.org
Wed Oct 8 11:41:25 UTC 2014
#29889: Login redirect to login page even if authenticated
------------------------------------+-----------------------------
 Reporter:  sgissinger              |      Owner:
     Type:  defect (bug)            |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  3.9.2
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
We use WordPress in a private manner with use of the '''login_redirect'''
filter, which is applied in the following code in file '''wp-login.php'''
on line 777.
{{{
if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
	if ( headers_sent() ) {
		$user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
			__( 'http://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) );
	} elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
		// If cookies are disabled we can't log in even with a valid user+pass
		$user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
			__( 'http://codex.wordpress.org/Cookies' ) ) );
	}
}

$requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
/**
 * Filter the login redirect URL.
 *
 * @since 3.0.0
 *
 * @param string           $redirect_to           The redirect destination URL.
 * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
 * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
 */
$redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
}}}
According to this, we use the '''$user''' parameter in the '''login_redirect'''
filter to do some stuff.
== Issue ==
After a first log in attempt with good credentials, '''$user''' is a
'''WP_Error''' which isn't normal.
And when '''$user''' is a '''WP_Error''', my custom filter does redirect to
the login URL.
Then I try to log in a second time just after the first one with the same
credentials.
In this second attempt, '''$user''' is a '''WP_User''', my custom filter
does not redirect to the login URL and everything works as expected.
== Additional Information ==
=== Complement 1 ===
After the first login, if I reach home URL (which is very different from
login URL), I notice that I was successfully authenticated even if I was
redirected to login URL by my custom filter.
=== Complement 2 ===
It seems to happen after my browser started; subsequent logins, even with
different credentials, work fine at the first time.
If I restart my browser, this issue occurs and I'm redirected after first
log in attempt.
=== Complement 3 ===
Before our 3.9.2 update we were using 3.6.1, which handled this cookie
check differently and did not override the '''$user''' object.
== Workaround ==
We completely commented these lines and everything now works fine even
with my custom '''login_redirect''' filter.
Best
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29889>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
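
An added example, not part of the ticket and not WordPress core code: a login_redirect callback that inspects the WP_Error code, so the 'test_cookie' error produced by the block quoted in the ticket is not handled as rejected credentials. The function names and the capability-based destination are assumptions made for illustration.

```php
<?php
// Added example: not WordPress core code and not the reporter's filter.
// Function names and the destination policy are hypothetical.

/**
 * Classify the $user value passed to the login_redirect filter.
 *
 * @param WP_User|WP_Error $user Value received by the filter.
 * @return string 'authenticated', 'cookie_check' or 'failed'.
 */
function example_classify_login_result( $user ) {
	if ( $user instanceof WP_User ) {
		return 'authenticated';
	}
	// 'test_cookie' is the code set by the cookie check quoted in the ticket.
	// It describes the browser's cookies, not the submitted credentials.
	if ( is_wp_error( $user ) && 'test_cookie' === $user->get_error_code() ) {
		return 'cookie_check';
	}
	return 'failed';
}

/**
 * login_redirect callback that keeps the three cases apart.
 */
function example_login_redirect( $redirect_to, $requested_redirect_to, $user ) {
	switch ( example_classify_login_result( $user ) ) {
		case 'authenticated':
			// Assumed policy: accounts that cannot edit posts land on the front page.
			return $user->has_cap( 'edit_posts' ) ? $redirect_to : home_url( '/' );
		case 'cookie_check':
			// Not a rejected login: keep the destination unchanged.
			return $redirect_to;
		default:
			// Rejected credentials or an empty form: back to the login form.
			return wp_login_url();
	}
}
add_filter( 'login_redirect', 'example_login_redirect', 10, 3 );
```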