Site Ignores Cookie, Won’t Log In

Hello, meilershsag, & welcome.

I registered on your site just to see if I could log in &/or see any errors in my development console that might help us. I couldn’t & I didn’t.

O let me modify that. wp-login.php doesn’t work. wp-admin, however, does. So there is something on your site, likely a plugin, & likely your membership plugin, that’s not redirecting things in the way you’d expect.

If that doesn’t assist you in finding the problem, then here are some other things to try.

You do appear to be running a 3rd-party theme. To that end:
1) Please activate a WordPress default theme (they all begin with the word ‘twenty’) & see if the problem resolves. I’d also like to see you rename that theme folder–perhaps by putting a 1 at the end, just to make extraordinarily sure it’s in no way active

If the issue goes away, then we both know where the problem lies, & you’ll need to request support from Theme Forest.

If disabling the theme does not solve then pleas proceed w/the following.
2) You are running a plugin to prevent brute force attempts on your site. Good. Great! Except not right now. Actually what I’d like you to do is to deactivate your plugins temporarily by renaming your plugins folder to something like plugins1. Try logging in & see if the problem resolves.

If it does, then we have a plugin conflict. Rename 1 folder under your plugins folder at a time, starting w/core plugins where possible like Akismit. Log in after each rename. The culprit is obviously found when the last folder you renamed causes an unsuccessful login.

I really think a revisit to your membership plugin settings may be what the doctor ordered here, if you’ll forgive the pun on several levels.

Please let us know how you get on.

Thanks so much for your reply. You were not able to register at all? That used to work.

Turning off plugins isn’t a long-term solution for me; as is the case with so many WP sites, the plugins are the site; we paid for a theme called WPLMS to set up an online course, and it is made of Vibe, BuddyPress and WPLMS plugins all tied together as a single unit; I can’t disable piecemeal.

Here is a list of the plugins on the site, do you see any that seem like offenders that could cause issues with login?

bbPress
BuddyPress
Database Browser
Gravity Forms
My Database Admin
Post SMTP
Query Monitor
Vibe Course Module
Vibe Custom Types
Vibe ShortCodes
WP101 Video Tutorials
WPLMS Assignments
WPLMS Customizer Plugin
WPLMS Dashboard
WPLMS EventOn
WPLMS Front End
WPLMS PDF Certificates

I will try a vanilla theme and see if that fixes the issue; at that point I have to contact GoDaddy hosting support, which I am not looking forward to as I often get some nice gentleman who is 3,500 miles away and has only recently acquired skills in English, which greatly hampers our conversation. ANY other suggestions for settings in wp-config, fixes to wp-login, etc. are greatly appreciated, I can code PHP if needed.

Hi, meilershsag.

Yes, I registered on your site. In the “how did you hear about us”?” section, I put other & then explained I heard about you because you filed a support request w/these forums, just in case you’re monitoring that. It was a great opportunity for me to actually get a look at what was happening using the development console of my browser. What I was not able to do afterwords was log in using wp-login.php. I was, however, able to do so using wp-admin.

It suggests to me that you should revisit your membership plugin settings & examine those carefully. I’m not a betting lady, as I absolutely detest losing money, but my money’s on the membership plugin settings needing to be revised.

Disabling plugins is just a very quick temporary measure to see if it resolves the problem. I don’t know how much server space you’re allocated, but you might try installing an identical site in a separate folder & testing in that way if sufficient space exists.

OK, I disabled quite a few of the plugins above. I have narrowed down what is happening to a very specific behavior:

If I log in on the main page, which uses wp-login.php, the login works but is ignored by the page. If I hand-type in the URL /wp-admin/, whether the user is an admin or not, suddenly I am logged in. This is repeatable 100% of the time.

Also, logout does not work; the cookie stays in the browser cache, and trying to log in again, I am told I am already logged in.

Should I replace my wp-login.php file with a fresh copy? It does not look corrupted and there are no errors with file permissions or any PHP errors called out in the debug log in regards to wp-login.

meilershsag, I wish ’twere as simple as changing out wp-login.php, but that is not the problem, & I’d be willing to bet money on that, which testifies to my certainty about it :).

Are you running any caching on that site? Or is GD caching it for you?

Well I don’t exactly know what happened, but I have been able to log in from the main page using a browser I’ve not used before. But once logged in, it seems like it’s perpetual, & that is not cool.

From what I can see, the LMS seems to be governing the login behavior. So it’s either that your site is being cached, the LMS holds on to the cookie perpetually, or a combination. If you’re sure your site’s not being cached, then I’d consult w/the LMS vendor. If it is, there should be a way to uncache login pages.

I’m looking at the source of this plugin. It’s talking about using flash. Surely not, right? Because Adobe won’t be supporting it by year’s end, & most if not all mobile devices don’t support it now.

You say you recently moved the site to another domain. Did you do a search-&-replace of the database to change all url’s? Or did you just start over w/a new database?

For the site move I followed a detailed checklist, and I did update the database with the new URLs for Siteurl and Home. Those are consistent in the wp-config as well, and the site hosting settings.

I disabled the cache; I will check with GoDaddy to see if I can disable it in hosting as well.

meilershsag, disabling the cache seems to have helped. I am able to log in successfully now using either wp-login or wp-admin.

The ideal situation, IMO, is that when the browser closes, so does the session, unless the ‘remember me’ box is checked, because, well, you know–if someone happens to be taking 1 of your courses on a public computer, finishes what they were doing, & closes the browser, another person could potentially come along, go to the site, & end up in the first person’s course. Not a likely scenario, but still.

The problem, I think, has to do w/settings in your LMS.

Having said that though, you don’t tell us what sort of hosting this is, ie, shared, VPS, dedicated, etc, whether it’s Linux or Windows, whether it’s running on Apache or Nginx, or something else, & that makes a world of difference, as settings in the server config or the operating system itself can dictate how long sessions remain open, completely apart from any plugins on the site. Sometimes a site’s security plugins can hold sessions too long also. I’ve seen all of that before.

So, were I you, here’s the order I’d follow.
1) I’d look in the LMS settings regarding anything having to do w/logins, especially timing.
2) I’d look at any security plugins login settings.
3) Seeing nothing amiss, then I’d examine things like php.ini or your control panel that may contain information regarding this.
4) If you use something other than a shared/managed platform ie, VPS, dedicated server, etc, then other configuration files may come into play as applicable.

These are the sorts of situations that cause my hair stylist grief, as I tend to come in w/random patches of hair far shorter than they should be simply from pulling it out when I have to troubleshoot this sort of problem for clients’ sites. You get the idea. Keep in touch & let us know how you’re progressing.

Unfortunately the site just reverted back to the previous behavior, could you check it again? Thanks so much for your help and guidance here, I essentially had this site dumped in my lap and am just trying to get it running and stable.

I am looking into the session issue now, I made no changes to cookie lifetime in any of my fixes so far.

meilershsag, 1 of the things we always do when troubleshooting a request like this is to get a barebones system in place. Not as a permanent solution, of course, but for troubleshooting purposes.

I’m pretty certain that your LMS is part of the problem. I’m also concerned that a security plugin to prevent brute force attempts may be as well. Additionally, I have very serious concerns about your editions to your wp-config.php file.

I can identify w/getting stuff dumped on you–that’s a tough row to hoe. I’m trying really hard to help here. But that is going to require, as a temporary solution, that we go vanilla theme & no plugins, as well as commenting out your edits to wp-config.php, & see if the site is working w/a configuration like that. Then we start adding stuff, 1 thing at a time, to see where it breaks. Once we figure that out, the fix is usually evident.

This is why I suggested that perhaps another install to a different folder might be in order, but, having said that, stuff isn’t working well anyway, so troubleshooting it the way it is might not be problematic. Renaming & not deleting folders is the name of the game, so it’s not like stuff is being destroyed, just inactivated.

The site worked for me in Firefox. It cratered in Chrome.

I tend to use a plugin called Interconnectit, available from:
https://interconnectit.com/products/search-and-replace-for-wordpress-databases/
to replace all instances of a domain name in the database w/another domain name. It does require that you back up your database first. It should also be deleted once you’re done, as it can pose a security risk if miscreants get hold of it.

Commenting stuff out on your wp-config.php file can be done by putting /* in front followed by */ at the end of the line to be deactivated.

Please let’s try this & see where we stand.

OK, I rescued the site, I think. It was a mix of changing cache settings, rolling back BuddyPress 1 version, and removing some custom code.

Thanks so much for your help; I haven’t touched php in 10 years after I moved to C#/.NET and I’ve never worked on a WordPress site before, so this was invaluable.

I found all sorts of really hairy code (hard coding, assumptions, bad variable naming, etc.) that makes me feel not super great about the product, but it is what it is. At least it seems to be running now. Whew! Just have to remember to disable debug mode.

Hey, meilershsag, I’m glad you got it working. Just remember that when updating the theme & plugins, any changes you made will likely be overwritten.

Don’t hesitate, though, to let us know if you need help again.

OK, now I am feeling like I need to Venmo you a few bucks/tip you a ko-fi, because I have yet another question… you mentioned far above that people are staying logged in too long, and that has been a problem with the site since the very beginning. I can now log in first time every time, but if I log OUT, all hell breaks loose…

it looks like the authorization cookie does NOT get deleted when I log out, so if I immediately try to log back in, I can’t, but something is getting mangled because it shows me as logged in but gives the error that I don’t have access to that page.

How can I get these cookies to delete on log out, and where is the cookie duration set? I am aware there are tons of plugins that claim to manage this, but considering I already have 22 plugins, most of which are mandatory for the site, I do not want to add another. I want cookies to be deleted on logout, in case someone logs out and tries immediately to log back in – can someone try that and let me know what is going on? I already disabled cacheing in the wp-config and in the plugins.

• This reply was modified 4 years, 4 months ago by meilershsag.

meilershsag, please log into your site, then go to ‘Plugins’ > Add new’ & search for a plugin called “Health check”. You want the 1 by www.remarpro.com. Installing this will allow us to essentially deactivate the plugins & themes, but only for you, since this seems to be something I sense you’re really fearful about.

Once installed & activated, please select the troubleshooting tab. Acknowledge that you understand how troubleshooting mode works, & activate it.

You’ll need 2 browsers, essentially, the 1 you used to log in, & another which you’ll close out after each attempt. You may also want to clear that browser’s cache after each attempt as well.

Your first step will be to try to log in using that 2nd browser once the plugin is installed.

Let me emphasize this is temporary, ie, it can be uninstalled when you’re done, though having thus said, you might actually decide you want to keep it.

I do suspect that there are plugin conflicts on this site–likely more than 1. 22 plugins is an awful lot, though having thus said, I’ve administered sites w/more, though I don’t ever recommend it. I also don’t know how much support your LMS vendor provides, but since that’s where I think the problems are arising from, you may wish to consider contacting them if your support window hasn’t expired.