• Resolved Mirco Babini

    (@mirkolofio)


    On high traffic websites with a lot of user logins from different IPs (mobile phones), setting a lot of cookies causes the following:

    400 Bad Request 
    Your browser sent a request that this server could not understand.
    Size of a request header field exceeds server limit.
    

    This happens because Wordfence creates a lot of cookies with the wf_loginalerted_ prefix.
    This should happen just for administrators: https://i.snipboard.io/7nahgO.jpg

    Instead, the cookie is set for non-admins as well, because the code is simplistic:

    
    // Either option being enabled sets the cookie; the user's role is not checked here.
    if (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly')) {
        wfUtils::setcookie($cookiename, $cookievalue, time() + (86400 * 365), '/', null, wfUtils::isFullSSL(), true);
    }
    

    Should be implemented this way: https://gist.github.com/mircobabini/e0fcdd87288ebfe7b7f40e65203ae201
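The failure described in the post above can be modelled offline. This is an added Python example, not part of the original post and not Wordfence's code or the contents of the linked gist; it counts how many logins from distinct IPs it takes for the Cookie header to exceed the server limit under the quoted condition, next to a role-aware condition. Assumptions: the cookie name and value are 64-hex HMAC digests, the server is Apache httpd with its default LimitRequestFieldSize of 8190 bytes, and `should_set_role_aware` is a hypothetical fix.

```python
import hashlib
import hmac

FIELD_LIMIT = 8190             # assumption: Apache httpd default LimitRequestFieldSize
PREFIX = "wf_loginalerted_"    # cookie prefix named in the post
SECRET = b"constructed-key"    # constructed sample key

def login_cookie(user_id, ip):
    """Assumed cookie shape: prefix + HMAC(ip|user) as name, HMAC(user) as value."""
    name = PREFIX + hmac.new(SECRET, f"{ip}|{user_id}".encode(), hashlib.sha256).hexdigest()
    value = hmac.new(SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return name, value

def should_set_original(opts, is_admin):
    # Condition quoted in the post: the role of the user logging in is ignored.
    return opts["alertOn_firstAdminLoginOnly"] or opts["alertOn_firstNonAdminLoginOnly"]

def should_set_role_aware(opts, is_admin):
    # Hypothetical fix: each option only applies to its own class of user.
    if is_admin:
        return opts["alertOn_firstAdminLoginOnly"]
    return opts["alertOn_firstNonAdminLoginOnly"]

def cookie_header_after(logins, opts, is_admin, should_set):
    """Cookie header value a browser sends after `logins` logins from distinct IPs."""
    jar = {}
    for i in range(logins):
        ip = f"198.51.100.{i}"  # constructed documentation-range addresses
        if should_set(opts, is_admin):
            name, value = login_cookie(user_id=42, ip=ip)
            jar[name] = value
    return "; ".join(f"{n}={v}" for n, v in jar.items())

def logins_until_rejected(opts, is_admin, should_set, max_logins=250):
    """First login count at which the 'Cookie: ...' line exceeds the limit, else None."""
    for n in range(1, max_logins + 1):
        header = "Cookie: " + cookie_header_after(n, opts, is_admin, should_set)
        if len(header) > FIELD_LIMIT:
            return n
    return None

if __name__ == "__main__":
    opts = {"alertOn_firstAdminLoginOnly": True, "alertOn_firstNonAdminLoginOnly": False}
    print("non-admin, original:  ", logins_until_rejected(opts, False, should_set_original))
    print("non-admin, role-aware:", logins_until_rejected(opts, False, should_set_role_aware))
```

In this model an administrator still accumulates one cookie per IP under the role-aware condition, so the cookie lifetime (one year in the quoted code) remains relevant for admin accounts that log in from many addresses.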

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Mirco Babini

    (@mirkolofio)

    Since this was already discussed here and closed with no answer, please note that I’ve already seen it.

    We should not disable the notifications for new devices because of an unoptimized block of code. Wordfence should never add useless and unrequested cookies to all users, when we just flag the feature for administrators.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @mirkolofio, thanks for your detailed and insightful message on what’s being seen here.

    I’ve spoken to a colleague who was glad to tell me he has replied to your other message regarding this and we will fix the unnecessary cookie in an upcoming release.

    Thanks again,

    Peter.

  • The topic ‘Code enhancement for cookie wf_loginalerted_’ is closed to new replies.