Ticket #5076 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

Cookie testing prevents login

Reported by: ryan Assigned to: anonymous
Priority: normal Milestone: 2.3.1
Component: General Version: 2.3
Severity: normal Keywords: login cookie
Cc:

Description (Last modified by ryan)

http://wordpress.org/support/topic/135598?replies=11

Some are having login problems that are fixed when the cookie testing code is removed. See [6009].

Let's gather some information. Browser version, http server version, firefox extensions, anti-virus/firewall software, etc.

Attachments

sitecookie.diff (0.5 kB) - added by ryan on 09/25/07 22:56:52.
Set TEST_COOKIE for SITECOOKIEPATH

Change History

09/25/07 16:35:21 changed by ryan

  • description changed.

09/25/07 20:37:01 changed by westi

Some notes:

Original reporter on wp-testers has 3 blogs on same domain on same host (2 work - 1 doesn't)

There is a limit on the number of cookies per domain based on RFC2109:

6.3 Implementation Limits

Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:

  • at least 300 cookies
  • at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
  • at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity devices should provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.

The information in a Set-Cookie response header must be retained in its entirety. If for some reason there is inadequate space to store the cookie, it must be discarded, not truncated.

Applications should use as few and as small cookies as possible, and they should cope gracefully with the loss of a cookie.

09/25/07 21:11:56 changed by westi

Note also - setcookie will fail (possibly silently) if the headers are already sent according to http://uk.php.net/setcookie

09/25/07 22:56:52 changed by ryan

  • attachment sitecookie.diff added.

Set TEST_COOKIE for SITECOOKIEPATH

(follow-up: ↓ 7 ) 09/25/07 22:57:23 changed by ryan

Maybe we need to set the cookie with SITECOOKIEPATH in addition to COOKIEPATH.

09/25/07 23:17:31 changed by ryan

(In [6167]) Set TEST_COOKIE for SITECOOKIEPATH. see #5076

09/25/07 23:28:02 changed by ryan

(In [6168]) Set TEST_COOKIE for SITECOOKIEPATH. see #5076

(in reply to: ↑ 4 ) 09/26/07 09:12:17 changed by westi

Replying to ryan:

Maybe we need to set the cookie with SITECOOKIEPATH in addition to COOKIEPATH.

I guess maybe I should have a test install in a subdirectory and maybe I would have caught this one then :-(

09/26/07 23:24:17 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.