Forums

WordPress › Support » Plugins and Hacks

OpenID
Auth Cookie getting ignored as of 3.0.2 (5 posts)

  1. mindpower74
    Member
    Posted 1 year ago #

    My openid provider still works as I was able to verify. But 3.0.2 seems to have changed something so that the authentication cookie is no longer recognized by wordpress.

    OpenID Authentication with google profile seems to work at first, entered an openid on the login page and clicked login.

    (first calls to going to google omitted) here we already get redirected back to the site

    GET /wp-login.php?finish_openid=1&identity_url=http%3A%2F%2Fwww.google.com%2Fprofiles%2Foliver.drobnik&redirect_to=http://www.pasching.cc/wp-admin/&_wpnonce=cb6e517964 HTTP/1.1
    Host: http://www.pasching.cc
    Accept-Encoding: gzip, deflate
    Accept-Language: en-us
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
    Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Cookie: wordpress_test_cookie=WP+Cookie+check; PHPSESSID=rmfbjc1ahsct46obcbir47oqm4; __utmb=227347100.1.10.1291407096; __utmc=227347100; __utma=227347100.287876514.1291407096.1291407096.1291407096.1; __utmz=227347100.1291407096.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    Connection: keep-alive

    the response is a redirection to the profile page:

    HTTP/1.1 302 Found
    Date: Fri, 03 Dec 2010 20:12:06 GMT
    Server: Apache
    X-Powered-By: PHP/5.2.10
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Last-Modified: Fri, 03 Dec 2010 20:12:06 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Pragma: no-cache
    Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; domain=www.pasching.cc
    Set-Cookie: wordpress_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C0f652ced6dfd204083396c5c988a84e3; path=/wp-content/plugins; domain=www.pasching.cc; httponly
    Set-Cookie: wordpress_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C0f652ced6dfd204083396c5c988a84e3; path=/wp-admin; domain=www.pasching.cc; httponly
    Set-Cookie: wordpress_logged_in_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C18f6203016f04a21ebf00e87c681cd90; path=/; domain=www.pasching.cc; httponly
    Location: http://www.pasching.cc/wp-admin/profile.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8

    you can clearly see the Set-Cookie for the login, BUT ....

    GET /wp-admin/profile.php HTTP/1.1
    Host: http://www.pasching.cc
    Accept-Encoding: gzip, deflate
    Accept-Language: en-us
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
    Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Cookie: wordpress_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C0f652ced6dfd204083396c5c988a84e3; wordpress_logged_in_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C18f6203016f04a21ebf00e87c681cd90; wordpress_test_cookie=WP+Cookie+check; PHPSESSID=rmfbjc1ahsct46obcbir47oqm4; __utmb=227347100.1.10.1291407096; __utmc=227347100; __utma=227347100.287876514.1291407096.1291407096.1291407096.1; __utmz=227347100.1291407096.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    Connection: keep-alive

    The wp-profile page ignores the Cookies!!! Instead it redirects back to the login page with appended reauth

    HTTP/1.1 302 Found
    Date: Fri, 03 Dec 2010 20:12:07 GMT
    Server: Apache
    X-Powered-By: PHP/5.2.10
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Last-Modified: Fri, 03 Dec 2010 20:12:07 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Pragma: no-cache
    Location: http://www.pasching.cc/wp-login.php?redirect_to=http%3A%2F%2Fwww.pasching.cc%2Fwp-admin%2Fprofile.php&reauth=1
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    I also briefly enabled debug mode and on the login page I get this message related to openid on the login page:

    Warning: Call-time pass-by-reference has been deprecated in /var/www/vhosts/drobnik.com/httpdocs/wp-content/plugins/openid/Auth/OpenID/Server.php on line 1707

    Might be unrelated but calling deprecated methods cannot be good at any rate.

    kind regards
    Oliver Drobnik

  2. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 1 year ago #

    Your post was hung up in the spam queue. I dleted the extras.

    Sorry about that. It's probably because of the amount of code/techy foo in the post.

  3. mindpower74
    Member
    Posted 1 year ago #

    Oh thanks for telling me, and letting one copy through. :-)

    You already had my hopes up, that some wordpress developer would already shed some light on if my observation is accurate.

  4. mindpower74
    Member
    Posted 1 year ago #

    And PS: I found yet another problem. I have a multisite install and I found that if I try to login on the primary site with an openid, you get an endless loop that my Safari cancels after a few iterations.

  5. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 1 year ago #

    Given that OpenID (the plugin - http://wordpress.org/extend/plugins/openid/ ) hasn't been updated since WP 2.8.5, I can't say as I'm surprised.

    Also, based on this post, the author had problems with WordPress SVN - http://wordpress.org/support/topic/is-there-an-openid-provider-plugin-that-works-for-301?replies=12

    So maybe download the github version and see if that works.

    I wouldn't want to even guess if it works on Multisite.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags