Support » Plugin: All In One WP Security & Firewall » Login page renaming prevents WooCommerce end of session

  • Hello,

    This happens when using WooCommerce and the login page renaming functionality of this plugin.

    When logging out from WooCommerce, the WooCommerce session cookie (wp_woocommerce_session_[HASH]) is not being removed from the browser. This leads to nonce verification issues in forms that had been submitted prior to the user loggin out. To clarify:

    Steps to reproduce the issue:

    1. Install WooCommerce + activate the login page renaming functionality of WAIO Security
    2. Identify a form on the website (that implements nonce verification)
    3. Log in to WP/WooCommerce
    4. Submit the form identified at step 2
    5. Log out from WP/WooCommerce
    6. Submit the form identified at step 2

    What happens:
    Nonce verification fails. You can still see the ‘wp_woocommerce_session_[HASH]’ cookie in your browser.

    What was expected:
    Nonce verification succeeds, form can be submitted. ‘wp_woocommerce_session_[HASH]’ cookie deleted on logging out from WP/WooCommerce.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author wpsolutions

    (@wpsolutions)

    Thanks for the info. I will do some tests to see what’s going on.

    Plugin Author wpsolutions

    (@wpsolutions)

    Hi again,
    You might have to give me some more info….I tried a few tests and I found no issues.

    I also had rename login feature active and followed your steps.
    I noticed that upon logging out of the woocommerce account the “wp_woocommerce_session_xxxx…..” cookie was removed. The upon subsequent submission of the woocommerce form (with a nonce) I was able to successfully submit the form.

    I suspect that maybe a combination of things might be causing your issue. Please try a theme/plugin conflict test to see if you can find anything.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Login page renaming prevents WooCommerce end of session’ is closed to new replies.