Cookie Problem, Internet Explorer Only

  • Hi,

    I’m currently running a medium sized Multisite install on an Ubuntu 12.04 x64 based server, using Nginx, PHP-FPM, MySQL and Cloudflare at the front, serving wp-login and wp-admin over HTTPS. Cloudflare isn’t caching any wp-admin/login page, rules are in place, neither is the backend Nginx cache I have in place, both are showing as BYPASS in the headers.

    It’s mainly for hosting educational blogs for schools, who unfortunately use IE most of the time.

    I’ve been alerted today that users can’t log in to the admin area if they’re using any variation of Internet Explorer, but all other browsers work without issue. Being a Mac user I rarely use Internet Explorer if I can help it, but when testing it in various scenarios I get exactly the same result: “ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.” This is on a proxied connection in a school, a direct connect at home and tethered on my phone’s connection, so it’s not an issue with proxying.

    Looking in the developer tools on IE, the cookies are sent and received fine, exactly how they are in every other browser. The test cookie is generated etc, but on POST the page will just refresh with the same cookies, but then show the message about cookies being blocked as above.

    I have tried all the common fixes available on Google and these forums, including modifying wp-login.php to force a login, functions.php code to force creating a cookie with the cookie-domain and setting the cookie defines in my wp-config.php. None of these have worked, but I didn’t expect them to as it was already working in other browsers. I’ve yet to disable all the plugins that are network enabled because it is a live Multisite install, but I’ve tried quickly disabling some that could be the culprit, I’ll try the rest during the night when it’s quiet. Stranger still, I have some blogs hosted that use domain mapping and it will allow me to log in to those blogs in IE.

    Has anyone witnessed this before? I have had the message before on all browsers when there was an error with a plugin at one point in the past, but this has since been fixed.

    Cheers,
    Ed

Viewing 10 replies - 46 through 55 (of 55 total)
  • Thread Starter Ed

    (@coopeh)

    Hehe, they’re just primary and secondary schools in the UK, but UK wide so firewalls will vary. Locally it’s Smoothwall, but I know there use alternatives in other council controlled areas. The majority of the UK education sector currently have their school internet provided via their local council (groups of towns, not sure what you’d call it elsewhere) under contract, but all vary their implementation.

    I’m not sure it has anything to do with the firewall though as it happens at school and home for the users, including me obviously. I know it’s definitely something going on with my setup, but I’ve disabled it down to bare bones now with no plugins (mu included), twentyeleven theme on the main site, no object cache, php extensions disabled including opcache, varnish disabled, wp-config stripped to within an inch of it’s life. I’m at a loss now ?? Only solution is to pretend it’s not a subdomain network, until I need to add a new blog. I’m betting it’s something stupidly simple and a mistake on my part, or possibly something in the database that is skewing things.

    Thread Starter Ed

    (@coopeh)

    Not sure why, but I’m getting a lot response cookies from the server when visiting the wp-login.php redirected page:

    set-cookie:wordpress_sec_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpresspass_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:spo_5_fa=465b922cf006622ec4e0a812f7092e8c; expires=Wed, 18-Feb-2015 18:19:38 GMT; Max-Age=1800; path=/
    set-cookie:wordpress_test_cookie=WP+Cookie+check; path=/; domain=domainhere.com; secure
    set-cookie:wordpress_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpressuser_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpress_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/wp-content/plugins; domain=domainhere.com
    set-cookie:wordpress_sec_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/wp-content/plugins; domain=domainhere.com
    set-cookie:wordpress_logged_in_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpress_logged_in_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpress_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpress_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpress_sec_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpress_sec_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpressuser_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com
    set-cookie:wordpresspass_randommd5stringhere=+; expires=Tue, 18-Feb-2014 17:49:38 GMT; Max-Age=-31536000; path=/; domain=domainhere.com

    It can’t be a plugin as I disabled all of them again on both the network and normal admin plugin areas. I haven’t got cookies being set in any of my server configs either. I’ve grepped for the string but can’t find anything.

    Thread Starter Ed

    (@coopeh)

    It’s also definitely not cached, I commented out the test cookie in wp-login.php and it removes that cookie from the response, so something is setting those cookies and I’m betting that’s confusing IE. Anyone got any ideas for tracking down what’s setting the cookies? I’ve grepped for setcookies and been through the entire install recursively, nothing in there looks out of order. Was hoping there’d be a debugbar extension for cookies but I can’t see anything.

    Thread Starter Ed

    (@coopeh)

    Traced it back to wp-includes/pluggable.php and just commented them out to see if that let IE logins work, still nothing. I see that it kicks off the wp_clear_auth_cookie function in the wp-login.php, sending the request cookies through. Not seen it happen on anyone elses install though. The only two plugins that I have that use the wp_clear_auth_cookie function are User Switching and Domain Mapping, but I disabled them both and it still happens. So still not got anywhere ??

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    User Switching would be SLIGHTLY more suspect than Domain Mapping but neither really make me worry.

    I’m not sure it has anything to do with the firewall though as it happens at school and home for the users, including me obviously.

    Actually I meant is the server behind a proxy or something.

    Thread Starter Ed

    (@coopeh)

    Ah, I’m using Varnish, but I’ve even piped it through and the same thing happens.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Weirdly… not what I meant, but kinda ??

    I know a lot of schools will have a chain of servers where maindomain.com actually points three servers deep down to another, not for caching but for ‘security’ and isolation. What happens with that is you get domain.com loading from third.secret.internal.domain.com

    Which can really bugger your cookies.

    Thread Starter Ed

    (@coopeh)

    No, nothing like that. But that wouldn’t matter as it’s not working on any of my local Windows VMs at home either.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    No, it would matter. Because all that would be on the inside/server side of things. Basically it would be that the cookies come from server A, when WP is actually on server B. More like Varnish, but with weirder setups. Like I said, though, I’ve just seen a lot of schools specifically do VERY weird things.

    None of which seems to be applicable here! ??

    I can’t think of what it might be except that you have a different home and site URL…

    Ed –
    Have you tried starting from scratch and slowly adding in configurations/plugins until you encounter the IE issue?

    We have a couple of unique WP installations at USC and do not have any problems logging in with IE. I recently put WP 4.1 on AWS and did not encounter any IE login issues either.

Viewing 10 replies - 46 through 55 (of 55 total)
  • The topic ‘Cookie Problem, Internet Explorer Only’ is closed to new replies.