Cookie Problem, Internet Explorer Only (56 posts)

  1. Ed
    Posted 2 years ago #


    I'm currently running a medium sized Multisite install on an Ubuntu 12.04 x64 based server, using Nginx, PHP-FPM, MySQL and Cloudflare at the front, serving wp-login and wp-admin over HTTPS. Cloudflare isn't caching any wp-admin/login page, rules are in place, neither is the backend Nginx cache I have in place, both are showing as BYPASS in the headers.

    It's mainly for hosting educational blogs for schools, who unfortunately use IE most of the time.

    I've been alerted today that users can't log in to the admin area if they're using any variation of Internet Explorer, but all other browsers work without issue. Being a Mac user I rarely use Internet Explorer if I can help it, but when testing it in various scenarios I get exactly the same result: "ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress." This is on a proxied connection in a school, a direct connect at home and tethered on my phone's connection, so it's not an issue with proxying.

    Looking in the developer tools on IE, the cookies are sent and received fine, exactly how they are in every other browser. The test cookie is generated etc, but on POST the page will just refresh with the same cookies, but then show the message about cookies being blocked as above.

    I have tried all the common fixes available on Google and these forums, including modifying wp-login.php to force a login, functions.php code to force creating a cookie with the cookie-domain and setting the cookie defines in my wp-config.php. None of these have worked, but I didn't expect them to as it was already working in other browsers. I've yet to disable all the plugins that are network enabled because it is a live Multisite install, but I've tried quickly disabling some that could be the culprit, I'll try the rest during the night when it's quiet. Stranger still, I have some blogs hosted that use domain mapping and it will allow me to log in to those blogs in IE.

    Has anyone witnessed this before? I have had the message before on all browsers when there was an error with a plugin at one point in the past, but this has since been fixed.


  2. Ed
    Posted 2 years ago #

    Further to this, I've now tried disabling all caching and all plugins and the problem still exists. It's down to a bare hosting environment with no optimisations at all.


  3. jkhongusc
    Posted 2 years ago #

    Just a guess, but you might be mixing content, http and https. Depending on browser security settings, it may be rejecting things like cookies. You might want to see the IE browser is throwing any security warning.

  4. Ed
    Posted 2 years ago #

    Thanks jkhongusc, I thought it might have been that too, so I disabled all HTTPS and tried through a HTTP only connection. It still didn't work unfortunately, although there we no errors using HTTPS either in the network panel.

  5. jkhongusc
    Posted 2 years ago #

    The problem could stem from many sources: caching, http/https mixed content, plugins, themes. Have you tried disabling plugins and changing to a default theme to see if you still have the problem?

  6. 1) Delete ALL cookies related to your site from IE

    2) Try to log in again. If it fails, check what URL value the cookie is giving you. You may need to use http://codex.wordpress.org/Editing_wp-config.php#Set_Cookie_Domain

  7. Ed
    Posted 2 years ago #

    jkhongusc - I've tried all of those unfortunately, none have worked. Thanks.

    Ipstenu - I've tried removing all cookies and using an InPrivate browsing session to no avail. I'll try setting the cookie domain and report back.

  8. Ed
    Posted 2 years ago #

    Ipstenu - Unfortunately I get "The constant "COOKIE_DOMAIN" is defined (probably in wp-config.php). Please remove or comment out that define() line." as I'm using the WordPress MU Domain Mapping plugin. I may try temporarily removing sunrise.php at some point this evening and see if that rectifies anything.

  9. Ed
    Posted 2 years ago #

    Removing sunrise.php/WordPress MU Domain Mapping also doesn't change anything.

    The cookie domain is sending as .ed.gs for the url littlemead100wc.ed.gs/wp-login.php, this is the same on other browsers, yet they log in correctly.

  10. jkhongusc
    Posted 2 years ago #

    Have you tried setting IE's cookie options? IE may be seeing the cookies but not accepting them.

    Tools -> Internet Options -> Privacy -> Advanced:

    I would select "Override automatic cookie handling", then accept both first-part and third-party cookies, and select "Always allow session cookies".

    If the above doesnt work, then I would think that there is something funny going on with your COOKIE_DOMAIN. You mention that the Domain Mapping enabled sites work in IE? If that is so, I would install a script that prints out the COOKIE_DOMAIN; and call it from the working and non-working sites to see if there is a difference. I could create such a script if you want.

  11. Ed
    Posted 2 years ago #

    Yeah, I've tried that already unfortunately.

    Domain mapped sites seem to work fine in IE, yeah.

    I'm at work currently and unable to access my server, I'll be back home this evening and will test the COOKIE_DOMAIN declaration output then. Assuming I'd need to do something similar to:

      echo '<pre>';
      echo '</pre>'

    Cheers for the help so far!

  12. jkhongusc
    Posted 2 years ago #

    I create test scripts either in the wordpress root directory or in the theme directory... depends on whether I am testing a blog or network issue. In this case I would put in WP root dir. I would call this script <WP base>/mydomain.php

    require( dirname(__FILE__) . '/wp-load.php' );
    if ( defined('COOKIE_DOMAIN') ) {
    } else {
    echo "COOKIE_DOMAIN is not defined";

    You can see that the script loads in WP on the first line. After you drop that into WP root dir, access from browser though any blog site - http://site.domain.com/wpdomain.php

  13. Ed
    Posted 2 years ago #

    I've just tested it and both IE and Chrome result in the same result of:

    COOKIE_DOMAIN: .ed.gs

    It's the same for all subdomains too. Domains result in the domain name as the cookie, minus the dot at the start.

  14. Ed
    Posted 2 years ago #

    Do you think it has something to do with the dot at the start of the cookie domain?

  15. jkhongusc
    Posted 2 years ago #

    > Do you think it has something to do with the dot at the start of the cookie domain?

    No, but it is possible. Supposedly .ed.gs and ed.gs are both valid cookie domains. FYI my system reports my domain without a dot: usc.edu

    You should be able to force a domain using the COOKIE_DOMAIN setting, but you might need to de-activate the multisite plugin.

  16. Ed
    Posted 2 years ago #

    I've tested removing the following login form check and it creates a wordpress_logged_in cookie, but still goes back to the login page.

    <input type="hidden" name="testcookie" value="1" />

  17. jkhongusc
    Posted 2 years ago #

    Ed -
    I do not advocate changing wp core, but have you tried editing wp-login.php and removing the "Cookies are blocked" error? Note that this could mask a real cookie error. This is how I would change it, by commenting out 3 lines (750-752):

    //        if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
    //                $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
    //        else
                    $user = wp_signon('', $secure_cookie);

    Anytime you edit core, the modifications get lost on an update.

  18. Ed
    Posted 2 years ago #

    Sorry, I didn't mean as a permanent fixture. I've been going through all the similar threads and implementing the ideas as tests.

    The test I performed with the removal of the hidden input resulted in a wordpress_logged_in cookie being created, but it still didn't log me in and still shows the cookie error message on each submission.

    I've also tested the code you supplied above previously and it again creates the wordpress_logged_in cookie, but still redirects back to the login page and shows the cookie error message.

    Really can't get my head around this, the cookies are EXACTLY the same on all browsers. I've also re-uploaded all the files, disabled all plugins & object cache, set theme back to TwentyEleven and TwentyTwelve, checked wp-config settings, temporarily removed domain mapping plugin + sunrise.php, added the COOKIE_DOMAIN declaration, disabled all caching and CloudFlare interference. No idea what else I can do, it's getting to the point where customers are now leaving because of it.

  19. Ed
    Posted 2 years ago #

    I also receive these errors if I enable WP_DEBUG:

    Notice: wpdb::escape is deprecated since version 3.6! Use wpdb::prepare() or esc_sql() instead. in /***/wp-includes/functions.php on line 2913
    Strict Standards: Non-static method Bau_Installer::check() should not be called statically in /***/wp-content/plugins/blogs-and-users/blogs-and-users.php on line 76
    Strict Standards: Declaration of emc2_enhanced_menu_walker::start_el() should be compatible with Walker_Nav_Menu::start_el(&$output, $item, $depth = 0, $args = Array, $id = 0) in /*/wp-content/plugins/enhanced-menu-editor/emc2-enhanced-menu-editor.php on line 0
    Notice: Undefined index: pagenow in /*/wp-includes/link-template.php on line 1999
    Notice: Constant EXTERNAL_IMAGES_DIR already defined in /*/wp-content/plugins/import-external-images/import-external-images.php on line 37
    Notice: Use of undefined constant UPLOADS - assumed 'UPLOADS' in /*/wp-content/plugins/ultimate-branding/ultimate-branding-files/includes/functions.php on line 281

    In my opinion and from the above testing, I don't think any of these would be causing it.

  20. Ed
    Posted 2 years ago #

    I've now copied the entire site and replicated it on another domain and I can't replicate the issue.

  21. Ed
    Posted 2 years ago #

    Ok, this is very strange. If I do "define( 'SUBDOMAIN_INSTALL', false );" then it now lets me log in, but the installation is a subdomain installation.

  22. jkhongusc
    Posted 2 years ago #

    How do you configure your Domain Mappings? http://domain.com/wp-admin/network/settings.php?page=dm_admin_page

    Under Domain Options, we have #1, #3, and #4 selected

  23. Ed
    Posted 2 years ago #

    I've got Remote Login, Permanent redirect (better for your blogger's pagerank) and User domain mapping page enabled. If you enable 4 (Redirect administration pages to site's original domain (remote login disabled if this redirect is disabled)) on mine then it will disable Remote Login.

  24. Ed
    Posted 2 years ago #

    This still isn't working. I've also tried changing my auth keys and salts with alphanumeric values only.

    I'm at a loss.

  25. jkhongusc
    Posted 2 years ago #

    I thought you were on track in debugging the problem with your test system. Can you show us your custom wp-config.php settings (but do not include sensitive info)?

  26. Ed
    Posted 2 years ago #

    define('DB_NAME', '***');
    define('DB_USER', '***');
    define('DB_PASSWORD', '***');
    define('DB_HOST', 'localhost');
    define('DB_CHARSET', 'utf8');
    define('DB_COLLATE', '');
    define('AUTH_KEY',         '***');
    define('SECURE_AUTH_KEY',  '***');
    define('LOGGED_IN_KEY',    '***');
    define('NONCE_KEY',        '***');
    define('AUTH_SALT',        '***');
    define('SECURE_AUTH_SALT', '***');
    define('LOGGED_IN_SALT',   '***');
    define('NONCE_SALT',       '***');
    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIEPATH', '/');
    define('SITECOOKIEPATH', '/');
    $table_prefix  = '***_';
    define('WPLANG', 'en_GB');
    if ( isset($_GET['debug']) && $_GET['debug'] == '1' ) {
            define('WP_DEBUG', true);
    } elseif ( isset($_GET['debug']) && $_GET['debug'] == '2' ) {
            define('WP_DEBUG', true);
            define('WP_DEBUG_DISPLAY', true);
    } elseif ( isset($_GET['debug']) && $_GET['debug'] == '3' ) {
            define('WP_DEBUG', true);
            define('WP_DEBUG_LOG', true);
    define( 'AUTOSAVE_INTERVAL', 120 );
    define( 'WP_POST_REVISIONS', 30 );
    define( 'EMPTY_TRASH_DAYS', 7 );
    define( 'WP_MEMORY_LIMIT', '128M' );
    define( 'ALLOW_UNFILTERED_UPLOADS', true );
    define( 'DISALLOW_UNFILTERED_HTML', false );
    define( 'FS_METHOD', 'direct' );
    define( 'WP_DEFAULT_THEME', 'twentytwelve' );
    define( 'MULTISITE', true );
    //define( 'SUBDOMAIN_INSTALL', true );
    define( 'SUBDOMAIN_INSTALL', false );
    define( 'DOMAIN_CURRENT_SITE', 'ed.gs' );
    define( 'PATH_CURRENT_SITE', '/' );
    define( 'PATH_CURRENT_SITE', '/' );
    define( 'SITE_ID_CURRENT_SITE', 1 );
    define( 'BLOG_ID_CURRENT_SITE', 1 );
    define( 'NOBLOGREDIRECT', 'http://ed.gs/' );
    define( 'WP_CACHE_KEY_SALT', '***' );
    define( 'SUNRISE', 'on' );
    define( 'GF_LICENSE_KEY', '***' );
    define( 'FORCE_SSL_LOGIN', false );
    define( 'FORCE_SSL_ADMIN', false );
    define( 'WP_AUTO_UPDATE_CORE', false );
    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    if ( !defined('ABSPATH') )
            define('ABSPATH', dirname(__FILE__) . '/');
    require_once(ABSPATH . 'wp-settings.php');
  27. Grep your files and find where COOKIE_DOMAIN is set?

    I know that for a while define('COOKIE_DOMAIN', false ); was breaking things with mapped domains.

  28. jkhongusc
    Posted 2 years ago #

    IMO, there is something going on with your COOKIE_DOMAIN. I see your wp-config.php is set to 'ed.gs', but you reported earlier that a test script is saying your COOKIE_DOMAIN is '.ed.gs'. That extra dot is disturbing. And as Mika mentioned sunrise.php does not like it when the COOKIE_DOMAIN is set in wp-config.php, excerpt from my sunrise.php -

    if ( defined( 'COOKIE_DOMAIN' ) ) {
          die( 'The constant "COOKIE_DOMAIN" is defined (probably in wp-config.php). Please remove or comment out that define() line.' );

    Maybe there is a problem with your sunrise.php. You should verify that you have the right version in wp-content. There is the other possibility that another script/plugin that is affecting it.

  29. Ed
    Posted 2 years ago #

    DOMAIN_CURRENT_SITE is set to ed.gs but there's no COOKIE_DOMAIN defined in my wp-config. I've checked sunrise.php, it's the current one from Donncha's latest domain mapping plugin. I even removed it and re-added from the plugin.

  30. Ed, I suggested a grep because that will search all files, and that's really what you need to do. Make absolutely sure not a single file is being as smart as a bag of wet hair.

Topic Closed

This topic has been closed to new replies.

About this Topic