Suddenly Not Able to Login due to Cookie error

  • Resolved Matilda F

    (@matilda-f)


    10 years, 7 months ago

    Hi,
    This issue was reported 5 months ago in the thread “Cookie Error when Logging In”.

    I can’t login to my dashboard and get the error message:

    ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.

    Have tried the usual fixes like, re-enter login in error login, deactivate plugins, and followed Google’s instructions in the anchor text of the error message to no avail.

    On the forum thread, one member said:

    “It is apparently a login update with WordPress. An “improved” control mechanism during the login process to check if a browser can store cookies. This cookie, however, is only set in the wp-login.php file and in many login scenarios, the cookie is set too late to be of any real use.”

    He suggested – Comment out lines 744-746 in wp-login.php. This will bypass the check entirely and logs you in.

    It should look like this:

    //	if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
//		$user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='https://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
//	else
		$user = wp_signon('', $secure_cookie);

    THE RELEVANT SECTION IN MY WP-LOGIN.PHP FILE LOOKS LIKE THIS:

    //Set a cookie now to see if they are supported by the browser.

setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
if ( SITECOOKIEPATH != COOKIEPATH )
	setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);/**
 * Fires when the login form is initialized. * * @since 3.2.0 */
do_action( 'login_init' );/** * Fires before a specified login form action. *
 * The dynamic portion of the hook name, $action, refers to the action
 * that brought the visitor to the login form. Actions include 'postpass',
 * 'logout', 'lostpassword', etc. * * @since 2.8.0 */
do_action( 'login_form_' . $action );

* The dynamic portion of the hook name, $action, refers to the action
 * that brought the visitor to the login form. Actions include 'postpass',
 * 'logout', 'lostpassword', etc. * * @since 2.8.0 */
do_action( 'login_form_' . $action );
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
$interim_login = isset($_REQUEST['interim-login']);switch ($action) {
case 'postpass' :	require_once ABSPATH . 'wp-includes/class-phpass.php';
	$hasher = new PasswordHash( 8, true );	/**
	 * Filter the life span of the post password cookie.	 *
	 * By default, the cookie expires 10 days from creation. To turn this
	 * into a session cookie, return 0.	 *	 * @since 3.7.0	 *
	 * @param int $expires The expiry time, as passed to setcookie().	 */
	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );

    Not sure where and how to apply that suggested fix into this code.
    Please help!! What has caused this to happen so I can avoid it?

    Thanks for your time WP developers.

    PS – Just noticed from drop-down list here that there is a new upgrade to version 3.8.2. Does this have anything to do with it? I cant upgrade without logging in.

Viewing 3 replies - 1 through 3 (of 3 total)

  • I am having the same issue on two of my sites after i upgraded to wp. 3.8.2, have tried all the “bug fixes” still my problem persists????

    Thread Starter Matilda F

    (@matilda-f)

    Hi iamjoefriday,

    I discovered my WP was upgraded automatically to 3.8.2. I was using a child of a theme that was out of date. Didnt notice the parent theme had a new version release.

    WP 3.8.2 addresses a hack problem with forged authentication cookies that stop you from logging in. You must be running a version of your theme that is not up to date and is not compatible with 3.8.2. (the timing of this is too coincidental) I think that’s how the hack enters.

    My host logged in for me using another password then deactivated my theme and activated the WP default theme (twenty eleven).
    Was able to login after that. Have reverted to my parent theme and upgraded it then activated it. It’s okay now.

    Matilda, thanks for the tip that worked for me. I logged into my phpMyAdmin and changed my login password. I logged in with the new password, but my dashboard was broken up due to a lack of CSS or something. I found my Appearance > Themes and went to my parent theme.

    Then suddenly my notifications had an email that one of my sites had just upgraded automatically to 3.8.3.

    Say, that would be helpful, it would be like a reset. ]

    That cleared everything up and it works.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suddenly Not Able to Login due to Cookie error’ is closed to new replies.