Ticket #670 (closed defect: fixed)

Opened 3 months ago

Last modified 3 months ago

Cookie across Blogs

Reported by: trent Assigned to: donncha
Priority: highest Milestone: WPMU 1.0
Component: component1 Version:
Severity: major Keywords:
Cc:

Description

When the cookie is set on login, it works perfectly switching sites in the backend through the blog switcher, but the original blog that was logged in is the only one that uses that cookie while viewing blogs. For example if I login with blog1.domain.com and view the dashboard, I am logged in and can administer and still be logged in when viewing blog1.domain.com. If I go to blog2.domain.com I would have to login again and then be not logged in when viewing blog1.domain.com.

Regardless of what blog you login to, you can still hit all dashboards of all your blogs. In this example, blog10.domain.com/wp-admin/ will have you logged in.

Change History

07/02/08 15:53:44 changed by donncha

  • status changed from new to assigned.

Working on this at the moment.

07/02/08 16:20:04 changed by donncha

Ryan pointed me in the right direction. Should have this fixed shortly!

07/02/08 16:58:17 changed by donncha

  • status changed from assigned to closed.
  • resolution set to fixed.

Fixed in [1345]

07/02/08 17:57:09 changed by trent

Thanks for that donncha! Tested and works great. Like the warning in the admin as well.

07/03/08 22:45:19 changed by trent

  • status changed from closed to reopened.
  • resolution deleted.

I thought this was fixed, but not sure if it was there the entire time or with rev 1346 or 1347, but now no other user can get to the admin area. They show they are logged in on the front end side, but keep getting redirected to the login page when attempting any link to the dashboard. My main user first logged in and was given the warning and what information to define for LOGGED_IN_KEY and LOGGED_IN_SALT and has been able to stay logged in everywhere. All other users cannot though....

07/03/08 22:51:27 changed by trent

  • priority changed from high to highest.

Another thing with this one...if you do change the salt information phrase and answer, then no one can login :) Not even the site admin.

07/04/08 00:12:53 changed by trent

Poking around, for whatever reason changing line 345 in Rev 1346 wp-settings.php to the same phrase in my wp-config.php seemed to fix the problem by defining $wp_default_secret_key on line 345. Temp fix, but seemed to isolate the problem.

07/04/08 11:19:24 changed by donncha

There's something weird going on. I created a test user and blog, logged out as "admin" and logged in as the test user on the main blog but I appeared to be logged in as admin again.

When I tried in Flock (second browser, hasn't been logged in as admin in ages), it redirected the test blog when I logged in as the test user. Very strange stuff.

07/04/08 11:49:45 changed by donncha

When I deleted the admin cookie I was able to login as my test user. This is all without changing line 345 of wp-settings.php

07/04/08 11:52:05 changed by donncha

Phew, changing line 345 fixed that small problem, submitting that change.

07/04/08 11:57:14 changed by donncha

  • status changed from reopened to closed.
  • resolution set to fixed.

Should finally be fixed in [1348]!