Hesk Integration and session tokens
-
Where do I start? ??
Several months ago, I modified the latest HESK helpdesk code base to integrate with wordpress (WP), which at the time was 3.6. The mods were fairly straight forward. For files that displayed content, I would add a require for the path to wp-load.php (wp_blog_header.php didn’t see to work so well). In the appropriate files, I added the wp_header and wp_footer calls, and added the content divs for my particular theme (Avada). Everything worked perfectly. It was almost too easy.
Then I upgraded to WP 3.7 and everything went to hell. I could not sign into the HESK admin pages using the single session option (the browser NOT automatically logging me in every time) without all kinds of ‘session expired’ messages, kicking me back to the login page. The only way to successfully logon was to use the “remember me every time I visit” option. But then, I could do nothing in the admin panel without ‘invalid action’ errors. The reason for these errors in because the session token – for reasons I cannot determine – changed. The token stored in the $_SESSION[‘token’] and the current token (using _GET or _POST) were ALWAYS different, which HESK would not allow, and kick back and error.
I can only surmise that some change between WP 3.6 and 3.7 is messing with the tokenizing in HESK, probably because of the wp-load.php inclusion. So what changed between 3.6 and 3.7 that causes this? I don’t know, and that’s why I am here. I’m not asking anyone to look this up for me (unless’in you want to), but rather, point me in the direction where I can look this up for myself, where I can determine if this integration incompatibility is fixable. Or, if anyone knows why this is a problem of the top of their head, please, share your wisdom!
The last thing I want to do is iFrame the HESK pages into my theme, because it looks ugly, and I’m not a fan of iFrames.
Much thanks in advance to any WP guru who may be able to offer assistance.
– Kevin
- The topic ‘Hesk Integration and session tokens’ is closed to new replies.