Improper Redirect after 2FA Login
We have a site with login redirects based on custom user roles. The post-2FA redirect works fine for the vast majority of users, but it redirects some cases to wp-login.php, which is not an ideal experience for non-admin users.
When the user who reported the bug performs a login with 2FA, he’s being redirected to wp-admin instead of the intended page.
Initially, it seemed only reproducible with this user. Upon inspection, though, the logistics seem to point to bad handling on it-security / solid-wp’s part. Please refer to the screenshot linked below:
In the screenshot, note the continued polling to admin-ajax.php and an actual, proper redirect to the project-directors page, which just seems to be in a race condition with the subsequent requests to admin-ajax.php, which return some sort of “state not found” error, which results in a secondary POST to wp-login.php, which then redirects improperly to wp-admin.
The site is running PHP 7.4.33, WP 6.5.4, and the latest versions of all plugins, including Solid Security 9.3.3.