[wp-trac] [WordPress Trac] #52082: Application Passwords issue with wordpress_logged_in cookie
WordPress Trac
noreply at wordpress.org
Tue Dec 15 16:03:37 UTC 2020
#52082: Application Passwords issue with wordpress_logged_in cookie
-----------------------------------+------------------------------
Reporter: SeBsZ | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Application Passwords | Version: 5.6
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------------+------------------------------
Comment (by TimothyBlynJacobs):
Hi @SeBsZ,
This is expected behavior, you can see this comment for why it happens:
https://make.wordpress.org/core/2020/11/05/application-passwords-
integration-guide/#comment-40414 That doesn't mean we can't look to change
that behavior, but I think it would be tricky because of how during a REST
API request we aren't doing the full user validation in
`wp_validate_auth_cookie`, the nonce check happens in
`rest_cookie_check_errors`.
In what scenario are you using App Passwords that you also end up with
auth cookies?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52082#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list