HTTP 500 Error until cookies are deleted

  • Dear WordPress Community,

    I’ve been getting intermittent HTTP 500 Errors on my self-hosted WordPress site which can be easily solved by deleting the cookies of the site. When the error happens, only the affected user gets 500 Error, while other users can browse normally on the same site and same Internet IP.

    The error message is as follows:

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator at [email protected] to inform them of the time this error occurred, and the actions you performed just before this error.

    More information about this error may be available in the server error log.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    I’ve narrowed down this problem to the specific cookie and it seems like the wordpress_sec_############ cookie is the culprit. Once the cookie is deleted, everything works fine, but it happens again sometime later. The occurrence could be within the same day, or a couple of days later.

    I’m trying to figure out what is the root cause of this problem. I do have iThemes Security installed which I would guess a possible cause since this cookie is authentication related, but I have not found any dibs. Any help is appreciated.

    • This topic was modified 7 years, 5 months ago by shahz. Reason: Readability Fixes
Viewing 5 replies - 1 through 5 (of 5 total)

  • I have total same problem. 500 error until cookie is deleted. Do you have any idea how to fix it? I have iThemes security as well. Is that cancer plugin?

    Thread Starter shahz

    (@shahz)

    The odd thing is that this error started appearing since WP 4.8 though. I’m still finding the fix. I think it has something to do with different IPs logging (ie: if you login from your home, and then later login at your office, it’s more likely to happen). You dont have to delete all cookies though, just the one that begins with wordpress_sec_########## and you will be able to login.

    I’m still trying to figure out a way. I haven’t tried it without iTheme Security because this is happening on my production site and it’s not immediately replicate-able.

    I have this problem with many websites. I updated more than 7 websites and 3 had not iThemes security. All websites with wordpress 4.8 and iThemes have same problem (500 error). Websites without iThemes security are OK. Websites with iThemes without core 4.8 are OK. I think, only combo WP 4.8 and iThemes make this problem, like you said. Unfortunately, I can’t solve this problem, but I think, you are on right way.

    EDIT: I think problem is with “hide backend slug” feature. Something is broken. This iThemes security feature change htaccess and cookie. This change make errors on core 4.8.

    • This reply was modified 7 years, 5 months ago by rybarova.

    I’m still trying to figure out a way. I haven’t tried it without iTheme Security because this is happening on my production site and it’s not immediately replicate-able.

    Hello i have new info about this.

    Add this code into your functions.php file in your template:

    function logged_in( $expirein ) {
   return 10; //10sec
}
add_filter( 'auth_cookie_expiration', 'logged_in' );

    Your logen in cookie now expire after 15sec and u take this error. That is good for tests, because now you not need waiting for expired long time. Error is now practically intant (after 10 sec).

    It seems that problem is really with hide backend feature in wordpress 4.8

    Is there any permanent solution to this? I have iThemes Security on most of my sites, and it would be a huge problem even to apply this patch, let alone to disable plugin or this feature. Not to mention security implications of this

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘HTTP 500 Error until cookies are deleted’ is closed to new replies.