PHP Warning: Cannot modify header information – headers already sent

  • On line 178 of classes/wp-persistent-login.php the call to wp_set_auth_cookie is resulting in lots of PHP warnings like this:

    [29-Apr-2023 23:00:46 UTC] PHP Warning:  Cannot modify header information - headers already sent in /home/.../public_html/wp-includes/pluggable.php on line 1089

    • This topic was modified 1 year, 10 months ago by joneiseman.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter joneiseman

    (@joneiseman)

    I think the problem was introduced in version 2.0.12 with the following change in classes/wp-persistent-login.php:

    35c35
<               add_action( 'auth_cookie_valid', array( $this, 'update_auth_cookie' ), 10, 2 );
---
>               add_action( 'set_current_user', array( $this, 'update_auth_cookie' ), 10, 0 );

    I think it’s not safe to call wp_set_auth_cookie when the set_current_user action is triggered since the page may already be loaded.

    Plugin Author lukeseager

    (@lukeseager)

    hi @joneiseman, thank you for letting me know about this. I will look into the issue.

    The change you mention was put in place to allow compatibility with Yoast SEO and Wordfence, the previous hook was causing a 500 internal server error for some users. I will look into a solution that avoids both the error and the warning.

    if you’re seeing the warning on your live public facing website, I would advise turning off PHP warnings and notices as they can be useful to attackers, as well as frustrating for users.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘PHP Warning: Cannot modify header information – headers already sent’ is closed to new replies.