As far as I can tell, 100% of my patrons are getting this error as well.
I can only publish 2 links per post as a new user so I’ve broken all of the links below with double asterisks (**), which just turns things bold, meaning that you can still copy-paste links.
Update: I’ve also replied below, uploading images so you can see the issue with the nonces.
Here’s a condensed copy-paste of my conversation with @tal l that he’s asked me to move to these boards:
My patrons are getting an error message when they try to use the plugin on my site. I have everything setup properly. I have even deleted my client, re-setup everything, and cleared my patron account’s cache in order to fully test everything.
Error message: “Sorry. Aborted Patreon login for security because security cookies dont match.”
Error URL: https://[DOMAIN].com/[POST_TITLE]/?patreon_message=patreon_nonces_dont_match
So far 4 users (3 + me) have experienced this issue and reported it to me. All are Mac/iOS users. Browsers are Chrome, Safari (both iOS and Mac OS), and Opera.
The site itself:
WP Engine is my host.
WordPress Version: 4.9.2 (latest)
PHP Version: 5.6
WP Engine Plugin v3.2.1 (latest)
Patreon Plugin: Version 1.0.1 (latest)
I have easy access to my HW/OS/browser details so I’ll give you those:
Model Name: iMac
Model Identifier: iMac14,2
Processor Name: Intel Core i7
Processor Speed: 3.5 GHz
Number of Processors: 1
Total Number of Cores: 4
L2 Cache (per Core): 256 KB
L3 Cache: 8 MB
Memory: 16 GB
Boot ROM Version: IM142.0123.B00
SMC Version (system): 2.15f7
Serial Number (system): D25M801RFLHH
System Software Overview:
System Version: macOS 10.13.1 (17B1003)
Kernel Version: Darwin 17.2.0
Boot Volume: Macintosh HD
Boot Mode: Normal
Secure Virtual Memory: Enabled
System Integrity Protection: Enabled
Browsers I’ve personally tried:
- Google Chrome: Version 63.0.3239.xx (Official Build) (64-bit)
I use Ad Block in Chrome. I tried disabling it and it had no effect. I also use a password manager (LastPass)
- Safari: Version 11.0.1 (13604.3.5)
The only extension I have is a password manager
- I also tried the whole process on my iPhone X in Safari - same failure. From logs:
[14/Jan/2018:05:04:04 +0000] “GET /patreon/ HTTP/1.0” 200 18814 “https://straty.com/” "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0 Mobile/15C153 Safari/604.1"
I don’t use any extensions or anything special with Safari on iOS
Given all of that, I would say this doesn’t appear to be a browser, OS, or hardware specific issue.
Hit paywall: https://www.dropbox.com/s/lhulxog4y47ct9y/Screenshot%202018-01-14%2015.00.11.png?dl=0
Sign up / Login: https://www.dropbox.com/s/qun6q5i1c8cm6y5/Screenshot%202018-01-14%2015.00.53.png?dl=0
Grant permissions: https://www.dropbox.com/s/70xmhtvu7u8allu/Screenshot%202018-01-14%2015.01.03.png?dl=0
4a) Fail (Chrome): https://www.dropbox.com/s/wa4doq4qjl6m73d/Screenshot%202018-01-14%2015.01.19.png?dl=0
4b) Fail (Safari): https://www.dropbox.com/s/m85qrtm3cnaqlbf/Screenshot%202018-01-14%2015.17.00.png?dl=0
Fail URL: https://straty.com/bitcoin/?patreon_message=patreon_nonces_dont_match
I’ll leave this defunct post live for you.
“Unlock with Patreon” button URL: https://www.patreon.com/oauth2/become-patron?response_type=code&min_cents=100&client_id=12df3bcd6a271f4cf27ae82fa7048c9f01563566c5f4a6204c4f32e3baba023e&redirect_uri=https://straty.com/patreon-authorization/&state=YToyOntzOjE4OiJmaW5hbF9yZWRpcmVjdF91cmkiO3M6Mjc6Imh0dHBzOi8vc3RyYXR5LmNvbS9iaXRjb2luLyI7czoxMzoicGF0cmVvbl9ub25jZSI7czozMjoiNTg5MzRlYWRkNmFkY2E3M2M4YjQ4OTE1NDA5NTQzZDEiO30=
Of course, I’m trying all of this signed OUT of my Creator account and signed IN to a Patron-only account with the appropriate Patron level.
I’ve noticed something interesting… I tried to sign in one last time after resetting my cookies. But this time I had the Chrome inspector panel open to the cookies settings. Notice how the “patreon_nonce” changes every time the site loads.
1) First straty.com visit: https://www.dropbox.com/s/itgjaf3tk3ltdvg/Screenshot%202018-01-14%2016.05.09.png?dl=0
2) Click on Patron WP post: https://www.dropbox.com/s/y9bmdbeip1way07/Screenshot%202018-01-14%2016.05.21.png?dl=0
3) Return to WP site after auth: https://www.dropbox.com/s/aawlinsqvjujudd/Screenshot%202018-01-14%2016.07.41.png?dl=0
Surely the nonce is supposed to persist a bit longer than each page load… The other 3 cookies pictured are related to Google Analytics…
Thanks - I really hope we can get this working for everyone!