Can’t log out

Look in the top right of the dashboard for a link called sign out. I bet you can imagine what that does ??

Ummm. Not to be funny, but that’s the thing I’m talking about. Clicking on sign out does precisely nothing. I’m still logged in. No errors, just a refresh of the dashboard.

Closing down the window and going back to the login screen – takes me, not to the login screen, but directly into the dashboard. I realise that’s the cookie, but it obviously isn’t logging me out at all. So I cleared all cokkies. Went to the login screen. Logged in again and, lo and behold, cannot logout again.

Very strange. Now of my other wordpress sites have ever had this problem. And I have been onto others today, logging in and out normally. This site has just been moved to a new host and I guess it will be a setting somewhere. But I haven’t a clue where to look.

Something with the new host not processing cookies right. Have a talk with them.

I have exact the same problem – ‘sign out’ link does not log me out and redirects to dashboard. Same version of WP – 2.1.2

I have set it up on 2 separate websites – different hosts (one Windows/IIS, the other Linux/apache) and experienced the problem on both setups so it is not likely to be hosting related.

I do not know steps to reproduce this bug – all I know is right now I am ‘locked in’ in my Firefox browser but I tested my IE6 browser and logout is working ok at the moment.

Smells like a cookie related bug to me.

My hunch was that it is something to do with switching between using the ‘www’ before the domain name and not using it – which may affect how the cookies are accessed.

Update:

I’ve figured a way to reproduce this bug:

1. go to login page e.g. https://www.yourdomain.com/wordpressdirectory/wp-login-php and log in.
2. Click Sign Out to log out
3. now go to login page without the ‘www’ and login
4. Click Sign Out to log out
5. go to the login page WITH the www bit. You should be still logged out but instead you may find that you are still actually logged in and it will take you directly to dashboard

Note: depending on your config you may need to switch around and start with the ‘no www’ case first in order to reproduce.

Once you get ‘locked in’ the only way I know to log out is to clear your cookies in the browser

Playing around with it a bit further, I expected that another way to logout would be to copy the url from the sign out link and manually add in the ‘www’ bit. But to my surprise that did not work as expected. What happened is that it did actually log me out but then when I removed the ‘www’ from the url I discovered I was still logged in! So then I tried this again immediately followed by going to the log out url without the ‘www’. However that would not log me out – it redirected back to the dashboard still logged in. Baffling!

I have been experiencing the same error.
Removing all the cookies works, but I don’t know how to remedy this.

I recommend that if you have multiple users, use separate browsers per user.

ie. admin is Safari
and
user2 is mozilla.

I am using WP in addition to amember pro and am wondering if this is a result of the combination or if this error is just a WP error.

-shawn

One way to resolve this is to only have your blog accessible by one address. In other words redirect the www version to the version without www.

It’s definitly a cookie related bug.
Wordpress sets two cookies in the pluggable.php with the following code:
setcookie(USER_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(USER_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);

As you can see there are two paths which could be the problem.

I have this Problem with a Subdomain. A ticket about this Problem can be found here (opened two years ago and last modified 2 days ago)

My Solution

Delete all Cookies in your Browser

Open: \wp-includes\pluggable.php
Replace:`
if ( $cookiepath != $sitecookiepath ) {
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
}`

With: `/*
if ( $cookiepath != $sitecookiepath ) {
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
}
*/`

Login again and try to logout.
Fixed the Problem for me (Subdomain)

Oh, forgott to tell you that u have to change the lines before the replace stuff.

setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);

($cookiepath to $sitecookiepath)

So, I’m bringing this one back up. I’ve tested under WP 2.3.2 with two different browsers and two different blogs. General info: Mac OS 10.5.1; I’d’ve have to look up the PHP and MsSQL.

==> Under Safari 3.04 with blogA and blogB, I quite literally cannot log off; I can see the post-data ‘logout=”true”‘ flash by on the toolbar location window, but I’m just returned to the dashboard. Because I can’t get to the login screen, I can’t determine the status of the keep-me-logged-on checkbox.

==> Under Firefox 2.0.0.11, when I click the logout (sign out) link, I’m dumped back to the login window, but both the userid and the password fields are completed correctly. The keep-me-logged-on checkbox is not checked. When I log in as a different user and then log out, dumped back to the login window, but both the userid and the password fields are completed as the admin user with the admin user’s password.

Does that look like a security problem?

I’ll toss cookies (not the kind I tossed when I was a lot younger!) and then I’ll test again. Also, I’ll test on a different box soon.

Hi,
I have two parallel working sites (internal,external). External for the un-logged-in users (or un-registered) and internal for the logged in users. I created this system to fix a security breach. However all th login links had to be redirected to the internal site which I manged to do. The problem is that all the logout links have to be redirected as well (I can not use meta widget). So, having all this said… does anyone know how to make a working logout button?

Thanks

Alex