Support » Plugin: WP-Members: Membership Framework » [Plugin: WP-Members] Cookie not set correctly – user gets logged out when browser is quit

  • Resolved kerfuffle

    (@kerfuffle)


    The plugin is superb – but I seem to have a hit a problem.

    If a user logs in through the wp-members form (checking remember me), the cookie is set differently than if they logged in through wp-admin (checking remember me) with the result being that if the user quits the browser, they have to log back in.

    In other words, it doesn’t remember them.

    Any ideas?

    Thanks

    C

    http://wordpress.org/extend/plugins/wp-members/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    I’m not sure on that one, but I am finalizing a new release, so I’ll take a look and if we can work in a fix for this release, I’ll get it in there.

    I think I found it. At first I thought that it was some kind of cookie conflict related to the usage of the deprecated function wp_setcookie instead of wp_set_auth_cookie, so I went ahead and updated it replacing:

    wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);

    by:

    $theUser = get_userdatabylogin($user_login);
    wp_set_auth_cookie($theUser->ID, $rememberme);

    inside wp-members-core.php. But I had no luck with that, as the user wouldn’t be kept logged in.

    So then I thought about the $rememberme variable. I couldn’t find where it was set. So maybe I was missing something, but $rememberme just didn’t seem to be set.

    Since we had already taken the given value of the rememberme option from the user input, just a couple of lines above all that:

    $creds['remember'] = $_POST['rememberme'];

    I decided to use that value when setting the remember me cookie. So the resulting code was:

    $theUser = get_userdatabylogin($user_login);
    wp_set_auth_cookie($theUser->ID, $creds['remember']);

    And it worked! The logged user can be remembered from now on.

    Maybe the form could also use some esc_attr-style parameter sanitization for security reasons, but other than that, the fix should work perfectly.

    By the way, it is a great plugin, Chad.

    Plugin Author Chad Butler

    (@cbutlerjr)

    Thanks @eserrano! Glad you are liking the plugin!

    I’ve actually got a fix for the issue in the upcoming 2.7.1 update (which is primarily a fix release for a couple of issues). The fix is essentially the same – the cookie was not being set with the correct rememberme value. In wp_setcookie, it should be set as ‘true’ and it was being passed as ‘forever’.

    Edit: Never mind, please disregard.

    Hi,

    What does the line 438 in wp-members-core.php do?

    if( ! $using_cookie )

    Searching for this variable elsewhere in the plugin code returns nothing.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Plugin: WP-Members] Cookie not set correctly – user gets logged out when browser is quit’ is closed to new replies.