Use Cookies Instead of Sessions

The plugin used to use cookies, but some users had trouble with the plugin.

If you look back at 0.5.3, you’ll find it uses cookies

https://downloads.www.ads-software.com/plugin/friends-only.0.5.3.zip

So, you might find that this plugin works for you as-is, or that you can migrate the cookie-code to the newest version.

Check the changelog to see what else has changed since then.

Gabe

Hi Gabe,

Thanks a lot for your help! I installed the older version and it still didn’t work with WP Engine’s caching.

I have contacted WP Engine and they said they would work with me to get the older version of the plugin (that uses cookies) to work. Their response was: “Can you please show me an example of what one of those cookies being set would look like?”

Is there a way you could send me the cookie that is set with the older version of the plugin? My email is blake [at] nafzinger [dot] com

Thanks again for all the help, it is much appreciated.

The cookie is set using these lines of code:

define (‘COOKIE_KEY’, md5(get_bloginfo(‘wpurl’)));

setcookie(COOKIE_KEY, md5($supplied_address), 0, ‘/’);

(where the $supplied_address is the user’s email address)

That’s all I know about the cookie itself.

Gabe

Hi sorry to bother you again. I have been going back and forth with WP Engine, and this was their response. Is there any way you could do any of this.

If not, I totally understand.

“I took a look at the “Friends Only” plugin, both the current version and the older cookie-based version. As it stands right now, we won’t be able to effectively support using this plugin in our environment. However, if the plugin author were willing to make a few changes, we could help you get it running on your site. here are the changes that would need to be made:

Eliminate the use of Sessions, and use cookies instead. WordPress is designed to be stateless, which is why it natively uses Cookies instead of Sessions. In addition, Sessions have a lot of issues to be aware of, as described here: https://wpengine.com/support/cookies-and-php-sessions/.
Implement a WordPress filter when determining whether the “Sentry” portion of the code should be used.
Here is an example of what I mean for item 2 above. Here is a section of the current plugin code:

// If the user is logged in then don’t show the sentry
if (is_user_logged_in()) {
return;
}
// If the user is requesting media (mostly RSS readers and subscription emails), then let them view the media
elseif (strpos($request_path, $base_WP_path.’/wp-content/uploads’) === 0) {
return;
}
// If this is a wp-cron request, then don’t show the sentry (used for running scheduled tasks)
elseif (strpos($request_path, $base_WP_path.’/wp-cron.php’) === 0) {
return;
}
// If the user is requesting a FeedWrangler feed, then don’t show the sentry
elseif (strpos($request_path, $base_WP_path.’/?feed=’) === 0) {
return;
}
// If the user is not logged in, but they are trying to log in, then let them see the login page
elseif ((strpos($request_path, $base_WP_path.’/wp-admin/’) === 0) || (strpos($request_path, $base_WP_path.’/wp-login.php’) === 0)) {
return;
}
// If the user is trying to access XML-RPC then don’t show the sentry
elseif (strpos($request_path, $base_WP_path.’/xmlrpc.php’) === 0) {
return;
}
// If the user is trying to run BackWPUp then don’t show the sentry
elseif (($_SERVER[‘SERVER_ADDR’] == $_SERVER[‘REMOTE_ADDR’]) && (strpos($request_URI, ‘backwpup’) > 0)) {
return;
}
Here is how that code could be adjusted to implement a WordPress filter:

// Use the sentry by default.
$sentry_off = false;

// If the user is logged in then don’t show the sentry
if ( is_user_logged_in() ) {
$sentry_off = true;
}
// If the user is requesting media (mostly RSS readers and subscription emails), then let them view the media
elseif ( strpos( $request_path, $base_WP_path . ‘/wp-content/uploads’ ) === 0 ) {
$sentry_off = true;
}
// If this is a wp-cron request, then don’t show the sentry (used for running scheduled tasks)
elseif ( strpos( $request_path, $base_WP_path . ‘/wp-cron.php’ ) === 0 ) {
$sentry_off = true;
}
// If the user is requesting a FeedWrangler feed, then don’t show the sentry
elseif ( strpos( $request_path, $base_WP_path . ‘/?feed=’ ) === 0 ) {
$sentry_off = true;
}
// If the user is not logged in, but they are trying to log in, then let them see the login page
elseif ( ( strpos( $request_path, $base_WP_path . ‘/wp-admin/’ ) === 0 ) || ( strpos( $request_path, $base_WP_path . ‘/wp-login.php’ ) === 0 ) ) {
$sentry_off = true;
}
// If the user is trying to access XML-RPC then don’t show the sentry
elseif ( strpos( $request_path, $base_WP_path . ‘/xmlrpc.php’ ) === 0 ) {
$sentry_off = true;
}
// If the user is trying to run BackWPUp then don’t show the sentry
elseif ( ( $_SERVER[‘SERVER_ADDR’] == $_SERVER[‘REMOTE_ADDR’] ) && ( strpos( $request_URI, ‘backwpup’ ) > 0 ) ) {
$sentry_off = true;
}

// Possibly return without doing anything
if ( apply_filters( ‘fo_sentry_off’, $sentry_off ) ) {
return;
}
With the fo_sentry_off filter as seen above, that would allow custom handling to determine whether the “sentry” should be used or not. The reason for this addition is because technically speaking, even using cookies will not work with our caching environment. However, that doesn’t mean that there’s nothing that can be done.

Because you are intending to use this plugin on multiple sites, if the plugin author is willing to make the changes described above, I would be happy to write a simple plugin to extend its functionality to work on our platform.

I will freely admit that what I am offering to do is a bit outside the scope of our normal support. However, I don’t anticipate this customization requiring excessive work on our end, and so I’m willing to be flexible to help out if possible. If you’re willing to reach out to the plugin author again, please let me know what his response is.”

Thanks

I’ll need to look into this. If you want the problem solved now, then I suggest you modify the plugin yourself – I don’t have time to make such big changes at the moment.

Gabe