[Plugin: WP-Members] Cookie not set correctly – user gets logged out when browser is quit

I’m not sure on that one, but I am finalizing a new release, so I’ll take a look and if we can work in a fix for this release, I’ll get it in there.

I think I found it. At first I thought that it was some kind of cookie conflict related to the usage of the deprecated function wp_setcookie instead of wp_set_auth_cookie, so I went ahead and updated it replacing:

wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);

by:

$theUser = get_userdatabylogin($user_login);
wp_set_auth_cookie($theUser->ID, $rememberme);

inside wp-members-core.php. But I had no luck with that, as the user wouldn’t be kept logged in.

So then I thought about the $rememberme variable. I couldn’t find where it was set. So maybe I was missing something, but $rememberme just didn’t seem to be set.

Since we had already taken the given value of the rememberme option from the user input, just a couple of lines above all that:

$creds['remember'] = $_POST['rememberme'];

I decided to use that value when setting the remember me cookie. So the resulting code was:

$theUser = get_userdatabylogin($user_login);
wp_set_auth_cookie($theUser->ID, $creds['remember']);

And it worked! The logged user can be remembered from now on.

Maybe the form could also use some esc_attr-style parameter sanitization for security reasons, but other than that, the fix should work perfectly.

By the way, it is a great plugin, Chad.

Thanks @eserrano! Glad you are liking the plugin!

I’ve actually got a fix for the issue in the upcoming 2.7.1 update (which is primarily a fix release for a couple of issues). The fix is essentially the same – the cookie was not being set with the correct rememberme value. In wp_setcookie, it should be set as ‘true’ and it was being passed as ‘forever’.

Edit: Never mind, please disregard.

Hi,

What does the line 438 in wp-members-core.php do?

if( ! $using_cookie )

Searching for this variable elsewhere in the plugin code returns nothing.