Support » Multisite » multisite authentication bug

multisite authentication bug

  • i have a wordpress multisite setup with several sub sites.

    i am having an issue when logging out of one of the sub sites that leaves the user logged into the main site which was the entry point or site by which i logged in.

    i have an example recorded in this video: http://www.screencast.com/t/fM9prj7KOS

    i am using a twentytwelve theme with minimal plugins — none of which in the video are affecting any kind of authentication/login (i.e. a membership plugin).

    this is causing problems when i do activate my membership plugin. i have all members log into a common portal (mysitedotcom/member as in the video) from which they can then easily access all of their network sites nicely.

    logging out of any of the sub sites (ones not used to log in initially) does in fact log the user out of the sub site, however navigating back to the original member login portal shows the user completely logged into that particular network subsite/blog.

    this seems to be a bug.

    can anyone else confirm this and help find a solution?

Viewing 14 replies - 1 through 14 (of 14 total)
  • Are the sites subdomains or subfolders?


    did you get a chance to watch the video? in it the one site used to login stays logged in even though the user has logged out on another subsite connected to it.

    I don’t watch videos (learning disability, won’t do me a bit of good to watch it).

    Try adding this to wp-config.php, just below the Multisite section

    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', '');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');

    good to know! for what it’s worth, this one does not have any voice-over/sound at all – still wouldn’t do a bit of good?

    already had that in my wp-config.php.

    here is my top section of wp-config.php:

    define('WP_MEMORY_LIMIT','96M'); //need for WP
    define( 'WP_AUTO_UPDATE_CORE', false );
    /* This site was made multi-site enabled by @link http://jgwebdevelopment.com */
    define('WP_ALLOW_MULTISITE', true);
    define ('MULTISITE', true);
    define ('SUBDOMAIN_INSTALL', false);
    define ('DOMAIN_CURRENT_SITE', 'mysiteDOTcom');
    define ('PATH_CURRENT_SITE', '/');
    define ('SITE_ID_CURRENT_SITE', 1);
    define ('BLOG_ID_CURRENT_SITE', 1);
    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', '');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');
    $base = '/';

    here are some more definitions in my wp-config.php:

    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', '');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');
    define( 'NOBLOGREDIRECT', 'http://investtosuccessDOTcom/' );
    define( 'BP_ROOT_BLOG', 59 );
    define ( ‘BP_ENABLE_ROOT_PROFILES’, true );
    /* That's all, stop editing! Happy blogging. */

    define ( ‘BP_ENABLE_ROOT_PROFILES’, true ); is wrong. Notice the apostrophes? They’re curly, which won’t work.

    NOBLOGREDIRECT and DOMAIN_CURRENT_SITE though… are you mapping domains here? If so, the cookies don’t delete between domains. Which is not a WP thing but a web browser one.

    ok, i fixed the curly apostrophes — although, that was dealing with a potential buddypress fix.

    no, i am not using domain mapping at all. the network is just a bunch of sub folders. that’s why it doesn’t make any sense for it to get confused between sites.

    what else can i do to investigate this?

    is there a way i can pm you a test login to experience the problem?

    the odd part is that the wp_loggedin cookie remains present even after logging out.

    let me know, and i really appreciate the help.

    I only log into sites for clients (and I’m currently not accepting any more, not enough free time).

    Have you tried deleting ALL cookies for the domain and logging in again?

    i am using a twentytwelve theme with minimal plugins — none of which in the video are affecting any kind of authentication/login (i.e. a membership plugin).

    I know you said they’re not authentication/login plugins, but can you list them?

    i understand — and thank you again for taking the time to look at this.

    yes, deleting the cookies resolves the issue — until the next login.

    that is precisely the problem. the logged in cookie remains on the original site (the one i logged into) even when logging out from another sub folder site.

    i have removed all plugins actually, and the problem still remains.

    oddly enough, i set up a clean multisite on another domain and the problem does not occur.

    i cleaned up both my wp-config.php file and my .htaccess file to reflect what a new installation would use (updating my details of course), but none of that helped.

    could this be a problem in my database?

    oddly enough, i set up a clean multisite on another domain and the problem does not occur.

    Well that’s good. I’m not insane 😉

    You removed all plugins and changed themes. Did you make sure you don’t have anything in mu-plugins?

    i do not have anything in mu-plugins.

    do i need to change themes for every site on my network to properly test this?

    I … don’t think so. Though it may not be a bad idea.

    Before that, though. Go into wp-config.php and in the section where it has your hashes and salts, generate new ones.

    ok, i actually have to do this almost every day since that is the only thing i can do to force users out of the site when the redirect loop occurs.

    i went ahead and started down the path of switching the themes to 2014.

    after doing that, clearing my cookies and regenerating hashes and salts i was able to enable my themes from before without crazy issues with the logout happening any more!

    now i am testing one by one activating plugins that i need to run my site to see if the problem comes back.

    what could explain this?

    also, is this line still necessary in my .htaccess:

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    it is not included when activating multisite from scratch for the first time.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘multisite authentication bug’ is closed to new replies.
Skip to toolbar