WP Plugin login error

In straty.com case, the security cookie seems to be being reset every time when returning from Patreon.

This may be something to do with the init sequence of the plugins installed, or a plugin that modifies init in any way. Or something to do with WP engine

Im sending you the email to arrange the admin account for.

@straty.com Yes, most of my patrons are able to login, it’s just these 4 that can’t.

I just started poking into some WP Engine issues and here’s their most relevant article re cookies: Cookies and PHP Sessions - Support Center

Could this issue be related to caching?

The conflict here is that cookies which exist to perform a specific action (i.e. show a different sidebar, or different page altogether) do not expect the page to be fully formed before they request it. When present, these cookies expect to interact with PHP in order to perform their unique action. But as you can see in the example above, cached pages do not get processed and built by PHP as uncached ones do.

As a result, your cookie may only work as expected when logged in to the WordPress Admin Dashboard. This is because logged-in user sessions specifically bypass the page cache layer, and will be processed by PHP every time.

@lkl - you don’t happen to be hosted by WP-Engine?

It’s starting to seem - as @codebard suggested - like we may have different issues that are manifesting in a similar error.

That possibility exists, depending on the way your caching plugin or WP engine caches your site.

@straty.com No, not wp-engine. I’m happy to give codebard access to look at my configuration.

2 Likes

For the time being, im debugging this issue at lawlessfrench. I’ll update the thread with the findings. Tomorrow I’ll check straty.

:+1: - Sounds good. I’m around today to help debug…

Is it ok if i disable/enable plugins to test?

yes, go for it. this is my top priority and I have a backup from this AM

Is it possible that i can change some code in our plugin on this live site?

100% - you can do anything you need to do from inside the wordpress admin panel

@codebard - I think we got it!!! :tada: :tada:

I got on the phone with WP-Engine and the tech - who was incredibly helpful btw, which is why I use them - immediately knew what the issue was and we had it fixed in under 5 minutes.

WP-Engine caches very aggressively and that was causing the nonce not to be set properly.

For future WP Engine + Patreon Wordpress users who may stumble across this issue in the future: call WP-Engine and ask them to exclude the “patreon_nonce” cookie from the cache. They need the exact spelling of the cookie.

@codebard, maybe this could be included in the plugin documentation as well? I’m sure other wordpress-optimized hosting services do similar things with caching.

Finally, would you mind testing one last time on your end? https://straty.com/bitcoin/ Thanks

And thank you for all your work on this! I’m very appreciative!

1 Like

Great to hear. I read a case about this issue with that exact solution, but i had to ask you to ask them to be sure.

I tested myself and i can confirm it works too.

Glad that we got to the bottom of this.

Glad we got to the bottom of this as well!

Thanks again @Codebard

1 Like

Hi Codebard,

I have a new patron who was getting the “nonces don’t match” error. She cleared her cache but now when she tries to log in, she gets the captha over and over, she says she submitted the images 10 times and it just kept giving her more images to confirm.

Browser info: https://whatsmybrowser.org/b/28AXVV7

Your full user agent string is:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6

Sorry, I have no idea what to do with that.

Captcha is not provided from the plugin. It works from patreon.com. It can only be solved on patreon.com side.

I can second this! I am also hosting with WPEngine, was experiencing a similar issue (after overcoming a different installation issue), and got it fixed thanks to @straty.com’s detailed help here.

A text to WPEngine support asking them to exclude the “patreon_nonce” cookie from the cache solved the security warning fail.

Would be great to have some “host-specific known issues” on the GitHub readme, or elsewhere, for new installers.

2 Likes