Just for continuity, it seems seanwedig proposed a similar solution 5 months ago in Trac ticket 3807.
Try the patch instead, see if it works:
http://trac.wordpress.org/attachment/ticket/3807/3807.diff
Also, be aware that this is actually a somewhat complex issue, and simple fixes such as the one suggested by the first post in this thread are potentially security vulnerabilities. If it was a simple bug, it would have been fixed by now. But it’s not a simple bug, it’s an intentional thing that is happening to improve security that just doesn’t happen to work on some unusual PHP configurations.
I’m not saying “my” fix is this fantastic “use me and I’ll fix all your problems” solution, I’m just trying to help out those who; 1) can’t do this for themselves. 2) are frustrated by this error 3) don’t understand why this has suddenly happened.
I never claimed to write this off my own back, I have looked over the internet at several solutions and am simply supplying the simplest; Sean did feature quite heavily in my research, but his fix was for 2.2 not 2.2.1, if you put his fix into 2.2.1 you get locked out of the dashboard…
I’m looking at the fix hightlighted by MichaelH and will publish a publically available PLUGGABLE.PHP when I am satisfied i have created a flaw free file…
Please don’t criticise me for this, I am merely trying to help those who can’t help themselves…
takuhii: I’m not criticizing, I’m suggesting that perhaps it’s a bad idea to “fix” the problem by opening up security holes.
A correct fix is coming soon. In the meantime, perhaps you should look at the actual source of the problem, which is, in this case, not the WordPress code, but the addon that your PHP is running which breaks the WordPress code.
First, check phpinfo() to see if you’re running suhosin. If so, then you could, for example, try adding this to the top of your .htaccess file:
php_value suhosin.cookie.encrypt 0
That should disable the broken cookie encryption if you’re running suhosin and having this issue. You may need to clear your browsers cookies afterwards and relogin and such.
