OK, this thread is up to 100 posts, so I'm going to summarize what's been discovered and try and close this thing down. I'd also like to make sure the original poster (@willem.deboer) gets a solution.
Overview: The overarching issues is that after upgrading to WordPress 3.7 or 3.7.1 the user now gets the following error message onscreen when attempting to login:
"Cookies are blocked or not supported"
What should be happening (as of WordPress 3.7): When a user goes to
wp-login.php, either directly or through a redirect from wp-admin, a test cookie should be set on that request. (an http
GET.) When the login form is submitted, a check is made on the
POST to see if the test cookie was set. This happens before authentication. If a test cookie was not set, then the user returns to the login form page (
wp-login.php) and the "Cookies are blocked or not supported" message is displayed onscreen. Otherwise normal authentication occurs. (either user is taken to wp-admin or gets an onscreeen error message stating login failed due to incorrect username/password.)
Why am I getting this error with WordPress 3.7/3.7.1?:
- (Confirmed) An update to WordPress 3.7 fixed a logic error that prevented the code in
wp-login.php that actually tested for the presence of the test cookie from running. Some proxy/caching servers (confirmed with Varnish) are deleting WordPress cookies on
GET requests, but since pre-WordPress 3.7 wasn't actually checking the presence of the test cookie, the fact that the test cookie was being deleted by the caching server was overlooked by WordPress and users could login successfully.
- (Unconfirmed, but some users have reported) Some plugins/themes may not be compatible with WordPress 3.7/3.7.1. The problem appears to be that a plugin/theme is sending output before the headers are being sent, causing a "headers already sent" warning, and consequently preventing WordPress from setting the test cookie (since "headers already sent" is a warning and not a fatal error, the web server will complete the request and simply not set the cookie).
How do I tell which issue is effecting my site?:
- If you get the "Cookies are blocked or not supported" when you submit the login form, try logging in a second time. If you can successfully login on the second attempt, this is a good indicator that you have a proxy/caching server deleting WordPress cookies on http
GET requests. (
wp-login.php will also set the test cookie on a
POST request, which is why you can login on the second attempt.)
- Rename your
plugins directory under
wp-content and then attempt to login. (basically, you need to disable all your plugins.) If you can now login, then you've got a problem with a plugin. (NOTE: Set
WP_DEBUG to true in
wp-config.php before renaming your plugin directory, this may tell you which plugin is at fault.) If you still can't login, try changing to a default theme like TwentyTweleve or TwentyThirteen.
- To state the obvious, make sure your browser is accepting cookies...
Important: I'm not a moderator, so I can't close this thread, but we need to make sure it remains useful for anyone who may search for a solution to this problem. If you're not the original poster and this doesn't fix the problem you're having, please start your own thread and someone will be glad to help you there.