[wp-trac] [WordPress Trac] #31294: Customizer no longer gracefully handles session expiration
WordPress Trac
noreply at wordpress.org
Sun Apr 5 23:25:42 UTC 2015
#31294: Customizer no longer gracefully handles session expiration
------------------------------+-------------------------
Reporter: westonruter | Owner: ocean90
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 4.2
Component: Customize | Version: 4.0
Severity: major | Resolution:
Keywords: has-patch commit | Focuses: javascript
------------------------------+-------------------------
Changes (by westonruter):
* keywords: has-patch => has-patch commit
* focuses: => javascript
Comment:
Replying to [comment:10 ocean90]:
> @westonruter Instead of ''hacking'' wp-login.php I would like to propose
to do an AJAX request which fetches refreshed nonces, see
[attachment:31294.4.diff]. This makes it more generic and future-proof (in
terms of the heartbeat API). Thoughts?
Nice work! I agree this is a better approach, especially considering the
current state of `wp_signon` in how it doesn't set the expected `$_COOKIE`
variables in the current request. It's also unfortunate that an additional
Ajax request is then required, but like you said it will be used in a
future heartbeat “keep-alive” of the Customizer, so that preview
refreshing isn't the only mechanism for keeping nonces up to date
(nevermind it doesn't also refresh the `update-widget` nonce). I just
opened #31897 to implement heartbeat-updating for the nonces for 4.3.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31294#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list