[wp-trac] [WordPress Trac] #39903: is_user_logged_in() true on ajax after cookie has been deleted
WordPress Trac
noreply at wordpress.org
Thu Jan 11 03:31:45 UTC 2018
#39903: is_user_logged_in() true on ajax after cookie has been deleted
--------------------------+------------------------------
Reporter: esemlabel | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.7.2
Severity: major | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+------------------------------
Comment (by dd32):
Replying to [comment:6 ronald_edelschaap]:
> No, in this case the visitor/user wasn't allowed to visit
> {{{/wp-admin/}}}. Just checked, when visiting {{{/wp-admin/}}}, the
> browser gets redirected to {{{/wp-login.php}}}.
>
> We also logged the results of both {{{is_user_logged_in()}}} and
> {{{wp_get_current_user()}}}. In case of an AJAX call, these functions
> resulted in resp. {{{true}}} and a {{{WP_User}}} object containing the
> user data of the user which was logged in before clearing the cookies. In
> case of a regular call, these functions resulted in resp. {{{false}}} and
> an empty {{{WP_User}}} object.

In that case I'm not actually sure of what is being reported here at all.
It sounds like the custom code / plugin in use to block access to
`/wp-admin/` is the issue in that case (even the most basic authenticated
user has access to admin-ajax.php/wp-admin).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39903#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform