Set-Cookie causes Wrong username or password at first login attempt

  • Resolved USATC

    (@usatc)


    5 years, 2 months ago

    If .htaccess has any one of the following specified in WordPress 5.3.2 using WPS Hide Login 1.5.5 plugin:

    Header set Set-Cookie HttpOnly;Secure
    Header set Set-Cookie HttpOnly;Secure;SameSite=Strict
    Header set Set-Cookie HttpOnly;Secure;SameSite=None
    Header set Set-Cookie HttpOnly

    When I enter the correct username and correct password I get:
    Wrong username or password.

    Then I just press enter and I am taken to the WP Dashboard (or I can reenter the same username and same password a 2nd time to get to the WP Dashboard).

    If I remove the Set-Cookie from .htaccess the login works the first time.

    (I have set a Login URL myself after the initial install. I have uninstalled this plugin and reinstalled with the same result. No issues with the plugin disabled, or with no Set-Cookie in htaccess)

    Note: You must Log Out WordPress and close the browser completely to recreate the issue at the next WP login.

    • This topic was modified 5 years, 2 months ago by USATC.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter USATC

    (@usatc)

    P.S. This happens to all Users defined to WordPress, every time they logoff WP and start any browser again, or logoff WP and boot their PC.

    • This reply was modified 5 years, 2 months ago by USATC.
    Thread Starter USATC

    (@usatc)

    This happens on 3 different websites/domains. I had to remove “Header set Set-Cookie HttpOnly;Secure” from .htaccess on all sites… for now.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Set-Cookie causes Wrong username or password at first login attempt’ is closed to new replies.