WordPress.org

Ready to get started?Download WordPress

Forums

multisite authentication bug (15 posts)

  1. fatsandrew7
    Member
    Posted 4 months ago #

    i have a wordpress multisite setup with several sub sites.

    i am having an issue when logging out of one of the sub sites that leaves the user logged into the main site which was the entry point or site by which i logged in.

    i have an example recorded in this video: http://www.screencast.com/t/fM9prj7KOS

    i am using a twentytwelve theme with minimal plugins -- none of which in the video are affecting any kind of authentication/login (i.e. a membership plugin).

    this is causing problems when i do activate my membership plugin. i have all members log into a common portal (mysitedotcom/member as in the video) from which they can then easily access all of their network sites nicely.

    logging out of any of the sub sites (ones not used to log in initially) does in fact log the user out of the sub site, however navigating back to the original member login portal shows the user completely logged into that particular network subsite/blog.

    this seems to be a bug.

    can anyone else confirm this and help find a solution?

  2. Are the sites subdomains or subfolders?

  3. fatsandrew7
    Member
    Posted 4 months ago #

    subfolders.

    did you get a chance to watch the video? in it the one site used to login stays logged in even though the user has logged out on another subsite connected to it.

  4. I don't watch videos (learning disability, won't do me a bit of good to watch it).

    Try adding this to wp-config.php, just below the Multisite section

    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', '');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');
  5. fatsandrew7
    Member
    Posted 4 months ago #

    good to know! for what it's worth, this one does not have any voice-over/sound at all - still wouldn't do a bit of good?

    already had that in my wp-config.php.

    here is my top section of wp-config.php:

    define('WP_MEMORY_LIMIT','96M'); //need for WP
    define('WP_ALLOW_REPAIR',true);
    define( 'WP_AUTO_UPDATE_CORE', false );
    
    /* This site was made multi-site enabled by @link http://jgwebdevelopment.com */
    define('WP_ALLOW_MULTISITE', true);
    define ('MULTISITE', true);
    define ('SUBDOMAIN_INSTALL', false);
    define ('DOMAIN_CURRENT_SITE', 'mysiteDOTcom');
    define ('PATH_CURRENT_SITE', '/');
    define ('SITE_ID_CURRENT_SITE', 1);
    define ('BLOG_ID_CURRENT_SITE', 1);
    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', '');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');
    $base = '/';
  6. fatsandrew7
    Member
    Posted 4 months ago #

    here are some more definitions in my wp-config.php:

    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', '');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');
    define( 'NOBLOGREDIRECT', 'http://investtosuccessDOTcom/' );
    define( 'BP_ROOT_BLOG', 59 );
    define ( ‘BP_ENABLE_ROOT_PROFILES’, true );
    /* That's all, stop editing! Happy blogging. */
  7. define ( ‘BP_ENABLE_ROOT_PROFILES’, true ); is wrong. Notice the apostrophes? They're curly, which won't work.

    NOBLOGREDIRECT and DOMAIN_CURRENT_SITE though... are you mapping domains here? If so, the cookies don't delete between domains. Which is not a WP thing but a web browser one.

  8. fatsandrew7
    Member
    Posted 4 months ago #

    ok, i fixed the curly apostrophes -- although, that was dealing with a potential buddypress fix.

    no, i am not using domain mapping at all. the network is just a bunch of sub folders. that's why it doesn't make any sense for it to get confused between sites.

    what else can i do to investigate this?

    is there a way i can pm you a test login to experience the problem?

    the odd part is that the wp_loggedin cookie remains present even after logging out.

    let me know, and i really appreciate the help.

  9. I only log into sites for clients (and I'm currently not accepting any more, not enough free time).

    Have you tried deleting ALL cookies for the domain and logging in again?

    i am using a twentytwelve theme with minimal plugins -- none of which in the video are affecting any kind of authentication/login (i.e. a membership plugin).

    I know you said they're not authentication/login plugins, but can you list them?

  10. fatsandrew7
    Member
    Posted 4 months ago #

    i understand -- and thank you again for taking the time to look at this.

    yes, deleting the cookies resolves the issue -- until the next login.

    that is precisely the problem. the logged in cookie remains on the original site (the one i logged into) even when logging out from another sub folder site.

    i have removed all plugins actually, and the problem still remains.

    oddly enough, i set up a clean multisite on another domain and the problem does not occur.

    i cleaned up both my wp-config.php file and my .htaccess file to reflect what a new installation would use (updating my details of course), but none of that helped.

    could this be a problem in my database?

  11. oddly enough, i set up a clean multisite on another domain and the problem does not occur.

    Well that's good. I'm not insane ;)

    You removed all plugins and changed themes. Did you make sure you don't have anything in mu-plugins?

  12. fatsandrew7
    Member
    Posted 4 months ago #

    i do not have anything in mu-plugins.

    do i need to change themes for every site on my network to properly test this?

  13. I ... don't think so. Though it may not be a bad idea.

    Before that, though. Go into wp-config.php and in the section where it has your hashes and salts, generate new ones.

  14. fatsandrew7
    Member
    Posted 4 months ago #

    ok, i actually have to do this almost every day since that is the only thing i can do to force users out of the site when the redirect loop occurs.

    i went ahead and started down the path of switching the themes to 2014.

    after doing that, clearing my cookies and regenerating hashes and salts i was able to enable my themes from before without crazy issues with the logout happening any more!

    now i am testing one by one activating plugins that i need to run my site to see if the problem comes back.

    what could explain this?

  15. fatsandrew7
    Member
    Posted 4 months ago #

    also, is this line still necessary in my .htaccess:

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    it is not included when activating multisite from scratch for the first time.

Reply

You must log in to post.

About this Topic