Cannot Identify Non-Logged-In User

  • Resolved paulnewson

    (@paulnewson)


    6 years, 10 months ago

    Whenever I attempt to use the privacy tools page when not logged in to WordPress, when I click on the link from the email, but every single time it just displays “Sorry – the link seems to have expired. Please try again!” followed by a request to identify myself via email. I can download/delete the given user’s data from within the admin panel, but there is no way for them to be able to do it themselves, or indeed to request it since they can never be authenticated.

    I have tried in both Chrome and Internet Explorer, have tried in Chrome with the developer console open and caching disabled, have tried deleting the gdpr_key_… row from the wp_options table and starting again (it creates a new row with a new hashed key) but none of it makes any difference.

    Any suggestions?

Viewing 6 replies - 1 through 6 (of 6 total)

  • Similar issue here, only for me it just shows the regular Privacy Tools page when I click the link from the email. All that is shown is the “Please identify yourself via e-mail” field, no user data.

    Thread Starter paulnewson

    (@paulnewson)

    SOLVED IT!

    This was caused by attempting to read $_COOKIE[‘gdpr_key’] in the same request as setcookie(‘gdpr_key’…); setcookie() does not update $_COOKIE until the next page load, so I added $_COOKIE['gdpr_key']=$email . '|' . $key; to the end of the setIdentificationCookie function in wp_content/plugins/gdpr-framework/src/DataSubject/DataSubjectAuthenticator.php as follows:-

        /**
     * Set the identification cookie with the given key
     *
     * @param $key
     */
    public function setIdentificationCookie($email)
    {
        $key = $this->dataSubjectIdentificator->generateKey($email);

        setcookie(
            'gdpr_key',
            $email . '|' . $key,
            time() + (15 * 60),
            COOKIEPATH,
            COOKIE_DOMAIN,
            false,
            true
        );
        
        $_COOKIE['gdpr_key']=$email . '|' . $key;
    }

    I hope the plugin author fixes this in the next update so my edit doesn’t get overwritten.

    Great work again, thanks for tracking down the issue. I wonder if this issue might depend on the environment as well, because this functionality is definitely working for us as well as many other users.

    Will add the fix ASAP.

    Thread Starter paulnewson

    (@paulnewson)

    I think I jumped the gun. This edit made it work for a while but it is now behaving the way it was before. Most peculiar. I thought it might be something to do with caching but I don’t think that’s it either since the /privacy-tools/ page on our test site includes Cache-Control: max-age=0, private, no-store, no-cache, must-revalidate in the response header.

    Thread Starter paulnewson

    (@paulnewson)

    Update: The test site was using server side caching; after turning it off, the email link now works about 50% of the time, the other half giving the message about the link having expired – this is with SET_COOKE removed, so back to the original code.

    Hi there!

    Did you get this issue completely resolved? If so, what did you do exactly?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Cannot Identify Non-Logged-In User’ is closed to new replies.