[wp-trac] [WordPress Trac] #48356: wp_create_nonce(...) and check_ajax_referer(...) fails on the 2nd AJAX call if that is two-action AJAX with AJAX-LOGIN as the first action
WordPress Trac
noreply at wordpress.org
Thu Oct 17 13:40:29 UTC 2019
#48356: wp_create_nonce(...) and check_ajax_referer(...) fails on the 2nd AJAX call
if that is two-action AJAX with AJAX-LOGIN as the first action
--------------------------+----------------------
Reporter: KestutisIT | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses:
--------------------------+----------------------
Changes (by ocean90):
* status: new => closed
* focuses: javascript =>
* severity: major => normal
* version: 5.2.3 =>
* milestone: Awaiting Review =>
* keywords: needs-patch =>
* resolution: => invalid
Comment:
Hello @KestutisIT, thanks for the report.
Nonces are tied to user sessions and therefore they will be different
between non-logged-in users and logged-in users. If you need something to
ensure "source authenticity" you have to use your own implementation and
not use nonces.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48356#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
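
Why the second call fails, as an added example (a simplified stand-alone model, not WordPress core code and not part of the original message): the nonce is an HMAC over the time tick, the action, the user ID and the session token, so a value created for a logged-out visitor no longer verifies once the same browser is logged in. The secret, user ID, session token and action name are constructed for the demo.

```php
<?php
// Simplified model of how WordPress derives a nonce; not WordPress core code.
// Constructed for the demo: secret, user ID, session token, action name.
const DEMO_SECRET = 'constructed-secret';
const NONCE_LIFE  = 86400; // one day, the default nonce lifetime

function model_tick(int $now): int {
    // Nonces rotate every half lifetime.
    return (int) ceil($now / (NONCE_LIFE / 2));
}

function model_create_nonce(string $action, int $uid, string $token, int $tick): string {
    // The user ID and session token are part of the signed data.
    $data = $tick . '|' . $action . '|' . $uid . '|' . $token;
    return substr(hash_hmac('md5', $data, DEMO_SECRET), -12, 10);
}

function model_verify_nonce(string $nonce, string $action, int $uid, string $token, int $now) {
    $tick = model_tick($now);
    foreach ([1 => $tick, 2 => $tick - 1] as $age => $t) {
        if (hash_equals(model_create_nonce($action, $uid, $token, $t), $nonce)) {
            return $age; // 1 = current tick, 2 = previous tick
        }
    }
    return false;
}

$now    = time();
$action = 'demo_second_action';

// Page rendered for a logged-out visitor: user ID 0, no session token.
$page_nonce = model_create_nonce($action, 0, '', model_tick($now));

// AJAX call 1 logs the visitor in; the server now sees a user and a session.
$uid   = 7;
$token = 'constructed-session-token';

// AJAX call 2 still sends the nonce embedded in the page before login.
$stale = model_verify_nonce($page_nonce, $action, $uid, $token, $now);

// A nonce created after login, for the new identity, verifies.
$fresh_nonce = model_create_nonce($action, $uid, $token, model_tick($now));
$fresh = model_verify_nonce($fresh_nonce, $action, $uid, $token, $now);

var_dump($stale, $fresh);
```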