[wp-trac] [WordPress Trac] #47480: Set expiration of the recovery mode cookie

WordPress Trac noreply at wordpress.org
Tue Jun 4 15:08:15 UTC 2019


#47480: Set expiration of the recovery mode cookie
-------------------------+-----------------------------
 Reporter:  david.binda  |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:  5.2
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 The recovery mode cookie is set with no expiration, but any request
 containing a recovery mode cookie is handled by WordPress as a request
 which is attempting to enter the recovery mode and the validity of the
 cookie is being checked during the request processing, which includes a
 expiration of the cookie (by default set to a week).

 It means that whenever a recovery mode is entered and not properly existed
 via a button in wp-admin, the recovery cookie stays in the browser and
 WordPress would eventually presents a `wp_die` error page to a user who
 did not exit the recovery mode by expected path. The UI is quite rough, as
 it requires the user to manually reload the page in order to access their
 WordPress site again.

 It feels like such an edge-case could be mitigated by setting the cookie's
 expiration to the same amount of time for which the token in it is valid -
 eg.: to a week by default.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47480>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list