Viewing 10 replies - 1 through 10 (of 10 total)
  • threadi

    (@threadi)

    Which plugin provides this frontend login? Unfortunately, I can’t see it because the source code of your page appears to be over-optimized. This may also be the problem. Deactivate all optimization plugins as a test. If it still doesn’t work properly, check which plugin is providing the login form.

    Thread Starter fightsmarttrav

    (@fightsmarttrav)

    Thanks for the reply! The login form is provided by Optimize Press, or more specifically Optimize Mentor… which is their membership plugin. My understanding is that it just applies a WYSIWYG builder to native wordpress login functionality.
    There are no other optimization plugins that play any role on this page. It’s not cached, or otherwise minified… so I’m not sure what you mean by ‘over optimized’… or how you are coming to that conclusion. Can you please elaborate and help me understand ?

    threadi

    (@threadi)

    As far as I can see, the login form sends the data to its own endpoint, which then checks it. I would recommend you contact their support: https://www.optimizepress.com/support/

    Thread Starter fightsmarttrav

    (@fightsmarttrav)

    I have already contacted their support, and unfortunately, their other customers don’t seem to be having the same issue. Do you have any feedback on the multiple cookies? Is that normal behavior?

    Hey! We were having this issue. We realized that the 2 cookies set had different domains – example.com and .example.com. Under normal circumstances, there would just be 1 cookie and the domain would be the former. We didn’t manage to root cause (and would be interested in being notified if you ever do), but we have implemented a prevention that has been verified to be working. Basically, we are preemptively unsetting the cookies set at .example.com on log in by hooking into set_logged_in_cookie.

    add_action('set_logged_in_cookie', function () {
    setcookie(LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, '.example.com');
    setcookie(LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, '.example.com');
    });
    Thread Starter fightsmarttrav

    (@fightsmarttrav)

    Hey! Thank you for replying.

    In my case, I THINK that this extraneous cookie might have been a value left over from aMember membership software… but I DID also find the following line in my wp-config file:

    ini_set(‘session.cookie_domain’,’.howtofightnow.com’); 

    I’m not sure if this was responsible for setting the extra .howtofightnow.com cookie, but it sure could have been. Even still, all old users are having to clear their cache and cookies before being able to log in, and it’s very frustrating so I’d love to implement a fix.

    Can you possibly explain to me how your code ends up ignoring the .example.com cookie, and only evaluating the example.com cookie during the login process? Or is it just setting an equivalent expiration time for the .example.com cookie?

    I can send it to a dev, but I would really love to understand how this is working before I ask for implementation!

    Thank you again for the reply… this is brilliant!

    So the code above basically unsets the cookie at .example.com by setting its expiration date to the past. It does this when the user logs in. So when they reach the logged-in state, that cookie won’t be there to throw them back out into the logged-out state, causing the loop.

    I’m not sure what ini_set(‘session.cookie_domain’,’.howtofightnow.com’);  is doing. It almost looks like you want your COOKIE_DOMAIN to be .howtofightnow.com? I think my approach would be:

    1. See what the domain of your log in cookie is when you are in a working state (not in a login loop)
    2. Look into what is causing the other domain to be set sometimes (again, we couldn’t find this for our code, but maybe you can for yours and you can remove. If it was a plugin that set it once, it’s weird that the issue would persist. If it’s that line in the wp-config, maybe it’s a matter of removing it)
    3. Use the hook as we did, targeting the domain that is not set under normal circumstances.
    Thread Starter fightsmarttrav

    (@fightsmarttrav)

    Ah, your solution is smart! So, it would seem that the problem exists when there are two cookies on the user’s browser, and BOTH of them have expiration dates that are in the future. In my case, the user’s conflicting cookies both expire in 2025. So, you’re making one of them expire, so that cookie is then disregarded, and then the correct cookie for ‘howtofightnow.com’ will be used… which should theoretically solve the problem.

    1. I have confirmed that in a ‘working state’, there is only one cookie… and it’s for ‘howtofightnow.com’. It’s the .howtofightnow.com cookie that is causing the problems.
    2. I think that it was the wp-config line or aMember that was adding the .howtofightnow.com cookie. I migrated to a new membership system in January, so any user that logged in at that time might have gotten the .howtofightnow.com cookie aMember, and Optimize Mentor was applying the howtofighntow.com cookie thereafter… leaving the user with two conflicting cookies. The only solution (before now) would seem to be clearing those cookies.

    Thank you again for your help with this.

    I use Optimize Mentor as my current membership plugin… and I honestly have no idea how to ‘hook’ into wp-login… is this something that is relatively simple to do, or do you think I need a dev?

    I don’t think you would need a dev. Within wp-content/themes/<YOUR_THEME>/functions.php, you would just add the following snippet:

    add_action('set_logged_in_cookie', function () {
    setcookie(LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, '.howtofightnow.com');
    setcookie(LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, '.howtofightnow.com');
    });

    Hope it works for you!

    Thread Starter fightsmarttrav

    (@fightsmarttrav)

    THANK YOU!!!!!

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.