Login/Logout problems - ajax nonce error
Jenn Walker
Member
Free Members
Jun 9, 2015 - 5:48 pm

Hello!

I know I have asked about login/logout problems that I have had and I have been informed that SP doesn't control any login/logout functions, that it is all done through WP.  So I understand that.  

However, I am having significant sporadic problems that only seem to happen when SP is active and I am hoping you might be able to help me.  

Over the last month we have had a variety of users login and it shows they are logged in, but when they try and access any link or click on any forum or button, they get an error that references ajax and nonce (I am sorry that I don't have the exact error message), and it is as if they are logged out and redirected back to the homepage. Here is a debug report. The last line is where the problem is happening. With successful logins where this problem doesn't occur, this line is not present.

[06/08/2015 10:48 PM] - SUCCESS :Logging into WordPress account. User ID: 3

[06/08/2015 10:48 PM] - SUCCESS :Authenticating login request for username: Susan. Request came from IP Address: 86.183.128.50

[06/08/2015 10:48 PM] - SUCCESS :Authentication completed for username: Susan. IP Address: 86.183.128.50

[06/08/2015 10:48 PM] - SUCCESS :Redirecting member to the after login redirection page.

[06/08/2015 10:48 PM] - SUCCESS :silent_logout reset=null

The other plugin that I use is Theme My Login so that my clients login on the front end of the website instead of the WP page of the site. I did deactivate that plugin during a time when we were having these problems and that did not seem to help; we were still having the same login problems.

I should also say that this happens with one of our WP administrators as well and she is unable to login to the backend of WP and seems to occur at least some of these folks are using multiple devices. 

Our site is http://www.raphajourney.com and I would be happy to provide you with any more info that might be helpful in diagnosing this problem.

Yellow Swordfish
Glinton, England
SP Master
Jun 10, 2015 - 3:15 am

You are correct that we are talking purely WordPress core functionality here. This is also true of Theme My Login and any other membership type plugin that might be in play.

So WP takes the login credentials and logs you in. It puts a cookie on your PC to that effect. When a page is requested - any page - if there is any need to check the status of the current user then there is a WP function which can be used to check and this is literally called - is_user_logged_in().  It is what is used by SP (and any other plugin that needs to know) and based on whether we get a true or false, we construct the page accordingly. And that is it. Very simple. And quite seriously all WordPress.

I know you mentioned multiple devices... it is obvious I know - but WP will need users to log into the site on each device independently, it does not retain any data on the server about who is and is not logged in at any time. It derives the status of the user from the cookie on their PC.

WP also uses what is called a 'nonce'. This is a special and unique one-time number. When - for example - an Admin opens an Admin page for editing, the Update operation sends this nonce along with the other post data to the server. Before the data is processed the nonce is checked to ensure it is correct. This is to prevent hackers sending post data that could damage your website.

When AJAX calls are made, a nonce is also sent along with the data and is also checked before any data on the database is changed. One thing that has been known in the past is for some plugins - and this has been true of some Security and Authentication plugins - to hijack the data and invalidate it. WP would then interpret this as a hack attack and refuse the request. I could imagine that this could also perhaps affect the user's logged-in status but I do not know for sure.

In recent versions of WP they do seem to have stepped up the checks and personally I get annoyed at how often I seem to get logged out of the Admin. If you leave the admin open on some page and come back to it some time later then there is a strong probability that the nonce being used has expired and that will result in a silent logout as they call it.

So - is there anything above that helps or gives you food for thought? Do your users have cookies turned on for your website?  If they do not then I would suggest you encourage them to do so. Cookies are really essential for smooth WP site usage and are not invasive in any way.

Do people understand that each device needs its own login cookie to be received? And that leaving a website open in your browser on the same page does not guarantee that you will still be logged in when you return to it later on?

I am curious, by the way, of what login software you used for the log in your post. Can you tell me?

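Added example, not part of the posts in this thread and not WordPress or forum plugin code: a simplified Python model of the nonce check described in the reply above, showing when a token sent with an AJAX request is accepted and when it is refused. It assumes the token is a keyed hash over a time window, the action name, the user ID and the login session token, as WordPress core does; HMAC-SHA256 is swapped in for WordPress's own hash, and the salt, action name, session tokens and timestamps are constructed.

```python
import hashlib
import hmac

NONCE_LIFE = 24 * 60 * 60           # seconds; one day, the WordPress default
HALF_LIFE = NONCE_LIFE // 2
SECRET = b"constructed-site-salt"   # constructed stand-in for the site's secret salt


def tick(now):
    """Number of the half-lifetime window that 'now' falls in (rounded up)."""
    return -(-now // HALF_LIFE)


def _token(window, action, user_id, session_token):
    msg = f"{window}|{action}|{user_id}|{session_token}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def make_nonce(action, user_id, session_token, now):
    """Token embedded in the page when it is rendered for a logged-in user."""
    return _token(tick(now), action, user_id, session_token)


def verify_nonce(nonce, action, user_id, session_token, now):
    """Return 1 (current window), 2 (previous window) or False (refused).

    user_id and session_token are what the server derives from the auth
    cookie on the incoming request, not values the browser supplies freely.
    """
    current = tick(now)
    for age, window in ((1, current), (2, current - 1)):
        expected = _token(window, action, user_id, session_token)
        if hmac.compare_digest(expected, nonce):
            return age
    return False


# Constructed scenario: page rendered for user 3 just after a window starts.
T0 = 100 * HALF_LIFE + 1
ACTION = "forum_ajax"               # hypothetical action name
PAGE_NONCE = make_nonce(ACTION, 3, "sess-A", T0)

if __name__ == "__main__":
    print("same session, 1 min later :", verify_nonce(PAGE_NONCE, ACTION, 3, "sess-A", T0 + 60))
    print("same session, 12 h later  :", verify_nonce(PAGE_NONCE, ACTION, 3, "sess-A", T0 + HALF_LIFE))
    print("same session, 25 h later  :", verify_nonce(PAGE_NONCE, ACTION, 3, "sess-A", T0 + 90000))
    print("new login session         :", verify_nonce(PAGE_NONCE, ACTION, 3, "sess-B", T0 + 60))
    print("auth cookie missing       :", verify_nonce(PAGE_NONCE, ACTION, 0, "", T0 + 60))
```

In this model a refusal one minute after a successful login cannot be an age-out; it means the user ID or session token seen on the request differs from the one the page was rendered with, which points at the auth cookie being replaced or dropped between the two requests.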
Jenn Walker
Member
Free Members
Jun 10, 2015 - 9:44 pm

Hi Yellow Swordfish.  Thank you so much for taking the time to explain this to me.  

It sounds to me that part of what you are saying is that it is possible for WP to log you out if you leave the page for a time.  

The problem that we are having though is that they are logged out immediately as soon as they click anything. You will notice on the log that all this happens within a minute; they are logged in successfully and then logged out immediately.

My members do have cookies installed I believe because I know that the members that this has happened to, they have also had weeks where their login process has worked great.

I have explained to most of these folks that they do need to login to each device so that isn't the problem. 

The log in my post came from my membership plugin - Tips & Tricks eMember.  

I think I mentioned this before, but I also run another site with eMember (but no SP forum) and everything there seems to work fine, so I do believe that it is a WP conflict... I just don't know how to solve it or where to look. 

Thanks again for all your help and if you or anyone else have any other ideas for me please let me know. 

Yellow Swordfish
Glinton, England
SP Master
Jun 11, 2015 - 9:33 am

The difference in behaviour on one site to another may not be a factor. That may just depend on what content/pages/processing etc., is being needed by the site. Also SP, as such, NEVER logs you out. There is just no code in the plugin to do that. And the log out button in the forum header needs (a) a click and (b) just calls the standard WordPress core functions. But it cannot run without the explicit click.

Out of interest have you talked to the eMember team about this?
