WordPress.org

Ready to get started?Download WordPress

Forums

Theme My Login
[resolved] Login Cookies not being attached to response header (4 posts)

  1. BlueValleyTech
    Member
    Posted 1 year ago #

    I have been troubleshooting why my front-end login page works on my development server and not the production one.

    After a ton of debugging and using a packet sniffer, I have finally tracked it down to that the wordpress login cookies are not being attached to the response stream when logging in. However the wp_signon()function is being called, and returns a valid user object.

    I realize this function is part of the WordPress API, so the issue may not be the Theme My Login plugin itself, but hoping you might have some insight or ideas on what else I can try to figure this out.

    $user = wp_signon( '', $secure_cookie );
    var_dump($user);

    Results in (using Fiddler to capture packet data):

    HTTP/1.1 302 Found
    Server: cloudflare-nginx
    Date: Fri, 24 May 2013 07:53:01 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    X-Pingback: http://www.domain.com/blog/xmlrpc.php
    X-Frame-Options: SAMEORIGIN
    Location: http://www.domain.com/log-in/
    Vary: Accept-Encoding,User-Agent
    X-Cacheable: YES:FORCED
    X-Varnish: 1753703763
    Age: 0
    Via: 1.1 varnish
    X-Cache: MISS
    CF-RAY: 73868e9b8da0418
    Content-Length: 802
    
    object(WP_User)#329 (7) {
    ["data"]=>
    object(stdClass)#388 (10) {
    ["ID"]=>
    string(2) "53"
    ["user_login"]=>
    string(14) "SubscriberTest"
    ["user_pass"]=>
    string(34) "$P$B8O8w6awJnKrHNoFLOyHJHfKiPE1nt/"
    ["user_nicename"]=>
    string(14) "subscribertest"
    ["user_email"]=>
    string(33) "SubscriberTest@domain.com"
    ["user_url"]=>
    string(0) ""
    ["user_registered"]=>
    string(19) "2013-05-23 05:56:42"
    ["user_activation_key"]=>
    string(0) ""
    ["user_status"]=>
    string(1) "0"
    ["display_name"]=>
    string(14) "SubscriberTest"
    }
    ["ID"]=>
    int(53)
    ["caps"]=>
    array(1) {
    ["subscriber"]=>
    bool(true)
    }
    ["cap_key"]=>
    string(15) "wp_capabilities"
    ["roles"]=>
    array(1) {
    [0]=>
    string(10) "subscriber"
    }
    ["allcaps"]=>
    array(3) {
    ["read"]=>
    bool(true)
    ["level_0"]=>
    bool(true)
    ["subscriber"]=>
    bool(true)
    }
    ["filter"]=>
    NULL
    }

    I have also opened a stack overflow question on this here:
    http://stackoverflow.com/questions/16730404/wordpress-wp-signon-succeeds-but-no-cookie-is-attached-to-response-header

    http://wordpress.org/extend/plugins/theme-my-login/

  2. BlueValleyTech
    Member
    Posted 1 year ago #

    Here is the response header from the development server running the same code. You can se the response cookies are being sent:

    HTTP/1.1 302 Found
    Date: Fri, 24 May 2013 02:18:23 GMT
    Server: Apache/2.2.22 (Ubuntu)
    X-Powered-By: W3 Total Cache/0.9.2.11
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    X-Pingback: http://domain.com/blog/xmlrpc.php
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: wordpress_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7C08d4578ca9049beadffa39e0be0ea941; path=/blog/wp-content/plugins; httponly
    Set-Cookie: wordpress_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7C08d4578ca9049beadffa39e0be0ea941; path=/blog/wp-admin; httponly
    Set-Cookie: wordpress_logged_in_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7Cc41eb224ebec7f57982d0f93e70f7cff; path=/; httponly
    Set-Cookie: wordpress_logged_in_548d950a57c83d7fc5c2eb781062ef26=SubscriberTest%7C1369534704%7Cc41eb224ebec7f57982d0f93e70f7cff; path=/blog/; httponly
    Location: http://domain.com/
    Vary: Accept-Encoding
    Content-Length: 0
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  3. Jeff Farthing
    Member
    Plugin Author

    Posted 1 year ago #

    Can you test with wp-login.php and see if the same thing occurs?

  4. BlueValleyTech
    Member
    Posted 1 year ago #

    wp-login.php did work correctly.

    I finally figured out the problem. The webhost people on the production server had configured varnish to strip cookies on all pages except the ones with specific exclusions. The new login / logout pages did not have exclusions, so they had their cookies stripped by the varnish proxy.

    Once we had them add exclusions everything worked as expected.

    Thank you!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic