Login conflict when Shield is active

  • Resolved Norm Sash

    (@normsash)


    3 years, 4 months ago

    Hi,
    I’m having an issue with the login functionality of Stranoweb Ajax when the security plugin “Shield” is active (https://www.ads-software.com/plugins/wp-simple-firewall/).

    With Shield active when I login with Stranoweb Ajax Login on the front end (logging into an Admin account) it appears to login correctly. I get the SAL login confirmation, the front-end page is shown, and the WP Admin bar is shown. (Note: this happens even if all Shield options are disabled — only the plugin is active.)

    But then when I try to access the backend (or any other page) I get immediately logged out.

    Checking the Shield logs I see the entry for successfull login, followed immediately by an entry that states “no valid user session found – loggin user out”.

    So obviously Shield is responsible for ending the session and logging the user out becasue it doesn’t recognize a valid session. But I don’t know where the root-cause problem exists… Is SAL not properly setting the user session? Or is Shield having a problem recognizing user sessions?

    Note: I’ve also tried disabling the SAL nonce but that didn’t have any effect on the behavior.

    I’ve also sent this information to Shield to have a look from their end, but maybe it is an issue with SAL that needs to be fixed.

    Thanks,
    Norm

    • This topic was modified 3 years, 4 months ago by Norm Sash.
    • This topic was modified 3 years, 4 months ago by Norm Sash.
Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter Norm Sash

    (@normsash)

    Follow-up… I received the following response from the Shield developers:

    `We’ve taken a look at this plugin and unfortunately we’ll not be able to support it – you’ll probably need to contact the developer if you haven’t already.

    The issue comes with WordPress load timing and how they’ve integrated with WordPress.

    We guess because they want to “speed” things up, they’re hooking into “after_setup_theme” which fires very early… even before “init”. Our hooks that capture logins etc. aren’t setup by then (they’re setup by ‘init’).

    We’m not sure why they’re not hooking into the WordPress AJAX system in this particular part of the processing.`

    • This reply was modified 3 years, 4 months ago by Norm Sash.
    Plugin Author beeky2

    (@beeky2)

    Hi Norm,

    Thanks for reporting the issue. We will give a check and reply here.
    Kind regards

    Thread Starter Norm Sash

    (@normsash)

    Hi Beeky2… Thanks for looking into this. Let me know if there is something you want me to test or a workaround. I would love to use your login, however this issue is preventing me from using it as users can’t login.

    Thanks,
    -Norm

    Plugin Author beeky2

    (@beeky2)

    Hi Norm,

    We are about to release the next update which will contain the fix to work with Shield.

    Meanwhile would be nice if you can test it doing this fix to the file located here: wp-content/plugins/stranoweb-ajax-login/includes/functions/functions.php

    at line 49 please replace the string

    add_action( 'after_setup_theme', 'swal_auth_user_no_ajax' );

    with

    add_action( 'init', 'swal_auth_user_no_ajax' );

    Let me know if it works,
    Thanks

    Thread Starter Norm Sash

    (@normsash)

    Hey Beeky2,

    Thanks so much for the follow-up and something for me to test. I’ve made the change you suggested and so far it is working much better with Shield.

    But it expossed another problem…

    If I have both SAL and AM360 (ActiveMember360) enabled, just trying to view the homepage of a site I get a constant redirect loop of login >> login/ >> login >> login/ >> etc, eventually ending up with a 500 error.

    That only happens if both of those plugins are active at the same time. If I disable either plugin then there is no redirect at all, that is, I don’t see any attempt to redirect to any “login” or “login/”. I can’t figure out where the redirect to “login” or “login/” is being triggered because I don’t see that in the configuration for either plugin.

    Any ideas or something that I can try?

    Thanks,
    -Norm

    Thread Starter Norm Sash

    (@normsash)

    Hi,

    I just recieved the update Version 1.8.5 but the fix for login compatibility with Shield active wasn’t in that update :(. Was it supposed to be, or is there another update yet comming?

    Thanks,
    -Norm

    Plugin Author beeky2

    (@beeky2)

    Hi Norm,

    My apologize, the update was supposed to be, but it has been added to Premium version only.

    I’ve just uploaded version 1.8.5.1 on repository, you probably won’t see the update notice on plugins page.

    I suggest you the easier way to update the plugin yourself like you did on version 1.8.4 with the script replacement.

    Best

    Thread Starter Norm Sash

    (@normsash)

    Thanks Beeky2. I just deleted and reinstalled the plugin (there was not an update notice like you suspected) and it worked. Looks like the fix to the original problem is done so we can close this topic.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Login conflict when Shield is active’ is closed to new replies.