Menu

Home Forums Plugin Support wp_verify_nonce – Security Check – not sure why it errors

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • February 22, 2013 at 4:32 am #3131
    Allbound
    Member

    From time-to-time my users report – complete with screenshot – that when logging in via my user-meta login form they get an Ajax “Security Check” message.

    I see where it’s coming from in the User Meta code (PluginFrameworkWPSupport.php, line 17) but I have no idea why it would be called at all. It’s a brand new login – even if one caused because of a user time-out.

    I suppose more than “why” what I’d like to figure out is how to make sure when a user either logs out OR times out, that their session is completely clear and fresh so that there is no error thrown on login.

    My stopgap was simply to preempt the check with a “return true” in that function. But that’s not a good long-term strategy, I’m sure.

    Any advice on why this would be called when logging in and how to avoid the error?

    February 23, 2013 at 2:01 am #3144
    Support
    Member

    Hello, can you please contact with http://user-meta.com/contact-us/ with your site login url. Thanks

    March 7, 2013 at 4:03 am #3309
    Allbound
    Member

    Here’s one: http://www.ucibulldogs.com

    I can tell you when it is happening: when a user keeps their browser open long enough to surpass the default WP session of 14 days. So at some point after 14 days they suddenly get logged out, but not completely. The system sort of thinks they are logged in, but they are not. They can then quit out of the browser completely (PC IC, Mac FF and Chrome tested so far) and the can then log right back in with no problem.

    So now I need to see what is happening when the 14 days ends and the user is sent to log in, but some of elements of the old session still remain – specifically something related to the nonce and cookies.

    I am going to do some testing and narrow this down. My theory is that I could just have the code do a refresh and clear out all session elements vs. die with error message. But it’s ajax so who knows I can do that there.

    We’ll do some testing and report back.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.