mindpower74
(@mindpower74)

14 years, 3 months ago

My openid provider still works as I was able to verify. But 3.0.2 seems to have changed something so that the authentication cookie is no longer recognized by wordpress.

OpenID Authentication with google profile seems to work at first, entered an openid on the login page and clicked login.

(first calls to going to google omitted) here we already get redirected back to the site

GET /wp-login.php?finish_openid=1&identity_url=http%3A%2F%2Fwww.google.com%2Fprofiles%2Foliver.drobnik&redirect_to=https://www.pasching.cc/wp-admin/&_wpnonce=cb6e517964 HTTP/1.1
Host: https://www.pasching.cc
Accept-Encoding: gzip, deflate
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Cookie: wordpress_test_cookie=WP+Cookie+check; PHPSESSID=rmfbjc1ahsct46obcbir47oqm4; __utmb=227347100.1.10.1291407096; __utmc=227347100; __utma=227347100.287876514.1291407096.1291407096.1291407096.1; __utmz=227347100.1291407096.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: keep-alive

the response is a redirection to the profile page:

HTTP/1.1 302 Found
Date: Fri, 03 Dec 2010 20:12:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 03 Dec 2010 20:12:06 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; domain=www.pasching.cc
Set-Cookie: wordpress_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C0f652ced6dfd204083396c5c988a84e3; path=/wp-content/plugins; domain=www.pasching.cc; httponly
Set-Cookie: wordpress_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C0f652ced6dfd204083396c5c988a84e3; path=/wp-admin; domain=www.pasching.cc; httponly
Set-Cookie: wordpress_logged_in_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C18f6203016f04a21ebf00e87c681cd90; path=/; domain=www.pasching.cc; httponly
Location: https://www.pasching.cc/wp-admin/profile.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

you can clearly see the Set-Cookie for the login, BUT ….

GET /wp-admin/profile.php HTTP/1.1
Host: https://www.pasching.cc
Accept-Encoding: gzip, deflate
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Cookie: wordpress_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C0f652ced6dfd204083396c5c988a84e3; wordpress_logged_in_223f4c4bf5f4b82894a57841f94f85d5=%7C1291579926%7C18f6203016f04a21ebf00e87c681cd90; wordpress_test_cookie=WP+Cookie+check; PHPSESSID=rmfbjc1ahsct46obcbir47oqm4; __utmb=227347100.1.10.1291407096; __utmc=227347100; __utma=227347100.287876514.1291407096.1291407096.1291407096.1; __utmz=227347100.1291407096.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: keep-alive

The wp-profile page ignores the Cookies!!! Instead it redirects back to the login page with appended reauth

HTTP/1.1 302 Found
Date: Fri, 03 Dec 2010 20:12:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 03 Dec 2010 20:12:07 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: https://www.pasching.cc/wp-login.php?redirect_to=http%3A%2F%2Fwww.pasching.cc%2Fwp-admin%2Fprofile.php&reauth=1
Content-Length: 0
Connection: close
Content-Type: text/html

I also briefly enabled debug mode and on the login page I get this message related to openid on the login page:

Warning: Call-time pass-by-reference has been deprecated in /var/www/vhosts/drobnik.com/httpdocs/wp-content/plugins/openid/Auth/OpenID/Server.php on line 1707

Might be unrelated but calling deprecated methods cannot be good at any rate.

kind regards
Oliver Drobnik

Viewing 4 replies - 1 through 4 (of 4 total)

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

?????? Advisor and Activist

14 years, 3 months ago

Your post was hung up in the spam queue. I dleted the extras.

Sorry about that. It’s probably because of the amount of code/techy foo in the post.

Thread Starter mindpower74
(@mindpower74)

14 years, 3 months ago

Oh thanks for telling me, and letting one copy through. ??

You already had my hopes up, that some wordpress developer would already shed some light on if my observation is accurate.

Thread Starter mindpower74
(@mindpower74)

14 years, 3 months ago

And PS: I found yet another problem. I have a multisite install and I found that if I try to login on the primary site with an openid, you get an endless loop that my Safari cancels after a few iterations.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

?????? Advisor and Activist

14 years, 3 months ago

Given that OpenID (the plugin – https://www.ads-software.com/extend/plugins/openid/ ) hasn’t been updated since WP 2.8.5, I can’t say as I’m surprised.

Also, based on this post, the author had problems with WordPress SVN – https://www.ads-software.com/support/topic/is-there-an-openid-provider-plugin-that-works-for-301?replies=12

So maybe download the github version and see if that works.

I wouldn’t want to even guess if it works on Multisite.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘[Plugin: OpenID] Auth Cookie getting ignored as of 3.0.2’ is closed to new replies.