Exclude manual password changes?

  • Resolved rzack

    (@rzack)


    4 years, 5 months ago

    One of our plugins is running a query manually that changes WP passwords in certain circumstances to a temporary password, and then quickly changes the password back, within a few seconds. This weird setup is needed for a legacy authentication mechanism to function.

    Unfortunately it looks like WP Redis is caching the password after the first change, so the second password change isn’t recognized. This causes authentication failures since the first password is just a temporary password.

    We’ve tried excluding the plugin in wp-config, but that didn’t work:

    define( ‘WP_REDIS_IGNORED_GROUPS’, [‘counts’, ‘plugins’, ‘our-plugin’] );

    It only works again when we disable object caching.

    Is there any way to completely disable Redis caching of WP passwords and authentication stuff? Or is there any way to specify that a certain database query or WP function shouldn’t be cached by Redis?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Till Krüss

    (@tillkruess)

    Hi @rzack,

    You could try ignoring the group users, but personally I’d just do an automatic flush after that query runs, or even better delete the user’s cache keys after the plugin does its password changes.

    Thread Starter rzack

    (@rzack)

    Ok thanks. I just tried adding this to wp-config but didn’t help, is this right?

    define( ‘WP_REDIS_IGNORED_GROUPS’, [‘users’] );

    Plugin Author Till Krüss

    (@tillkruess)

    That will ignore the users group, yes.

    Thread Starter rzack

    (@rzack)

    Thanks! That is working. (Had a typo on first try of that). Case closed.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Exclude manual password changes?’ is closed to new replies.