Cookie bug

  • Resolved dabrolga

    (@dabrolga)


    3 years ago

    Hi
    We are having a continual problem with the following sequence of events:

    1. A person logs into our site from a browser with “Remember Me” ticked.
    2. That person’s password is changed elsewhere either by themselves on another browser or device, or by an administrator.
    3. When that person later browses to a page on the site using the original browser mentioned in 1 (regardless of whether the page requires the user to be logged in or not) they get a white blank screen and a 500 error.

    The following appears in the error log:
    [21-Nov-2021 04:41:45 UTC] PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 262144 bytes) in /home/test/public_html/wp-includes/plugin.php on line 189
    [21-Nov-2021 04:41:45 UTC] PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 262144 bytes) in /home/test/public_html/wp-includes/load.php on line 306
    or
    [23-Nov-2021 03:14:24 UTC] PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 262144 bytes) in /home/test/public_html/wp-includes/meta.php on line 570
    [23-Nov-2021 03:14:24 UTC] PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 262144 bytes) in Unknown on line 0
    The only way that user can access the site again with the original browser is by deleting their cookies for the site or we deactivate Cerber. It is not a problem for our administrators as they know to delete their cookies but it is not a very good experience for our members.
    This has been happening for quite a while on a few different sites with quite different configurations of plugins. WP 5.8.2, Cerber 8.9.3, PHP 7.4 Tested on a staging site with Twenty Twenty-One theme, all plugins deactivated, no custom code and a basic .htaccess.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author gioni

    (@gioni)

    Hi! Please ensure that there are no “Must-Use” or “Drop-ins” plugins installed on the website.

    Thread Starter dabrolga

    (@dabrolga)

    Hi Gregory
    There were no “Must-Use” or “Drop-ins” plugins installed when the test was done on the staging site, except aaa-wp-cerber.php of course.
    Thanks for looking at this.

    Plugin Author gioni

    (@gioni)

    I confirm the issue. We’re investigating it.

    Thread Starter dabrolga

    (@dabrolga)

    For those desperate for a quick and simple patch to fix this problem do the following edit:
    In WP-Cerber v8.9.3 cerber-load.php change line 2806 from:
    global $cerber_act_status;
    to:
    global $cerber_act_status, $cerber_been_here_before;
    and change line 2809 from:
    wp_clear_auth_cookie();
    to:

    		if (!$cerber_been_here_before) {
			$cerber_been_here_before = true;
			wp_clear_auth_cookie();
		}

    This still allows the cookies to be cleaned up without the loop of death happening.
    Warning! Make sure you do not do a Site Integrity scan or have any scans scheduled any time after changing this file or you will have problems because the file will be quarantined!

    Thread Starter dabrolga

    (@dabrolga)

    Thanks for fixing this issue in version 8.9.5

    Plugin Author gioni

    (@gioni)

    Thanks for posting the quick fix!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Cookie bug’ is closed to new replies.