Registration works, but login does not

That is indeed a bit weird. The messages listed are normal; it just logs the registration of a Vipps id with an account (either existing or newly created); it is mostly for debugging. Couple of questions:

1. When logging in, this plugin calls the ‘authenticate’ filter so that two-factor plugins and others that may want to filter logins can verify the user/login. Do you have any plugins like this?
2. If your front-end is cached, please ensure that the ‘my account/login’ ‘ page is excepted for caching.
3. I’m guessing this is for WooCommerce?

Hi, Thanks for the fast reply and sorry for my late one.
I didn’t get any notification by mail for this.

Anyway, to answer your questions:
1. we use no other login plugins.
2. We have turned off the cache as site is under developement, but we still have turned off caching for /min-side and no cigar.
3. Yes.

We tried changing some settings in the vipps portal, but with no luck there.
Then I deactivated all themes and plugins except woocommerce and yourt plugin, still no luck.

So I believe there is an issue related to your plugin and not interference.

Here are my current settings in plugin:
https://pasteboard.co/xVswdzqQpOlK.png

If accounts get created after the return from Vipps, all the Vipps-specific parts of the plugin work as they should. The very last thing the plugin does is to log in the user and redirect to /min-side; where you should either be logged in or get an error message displayed.

Can I try to register a customer on the site just to see what happens?

Please do! ??

So, none of the login cookies get set, but the redirect happens with no error-condition marked.

It’s not uncommon for sites to strip cookies on “unknown” pages, since this improves caching; but it also means that you will need to tell your cache/frontend about any “special” pages. For this, this means the URL ‘/wp-vipps-login/continue-from-vipps/‘ which is the one that handles the return from Vipps on your site (This page does provide “nocache”-headers, but they may be ignored here).

I can add some more logging if this does not work, but on first look it looks a lot like CloudFlare is wiping your cookies.

Thanks for the feedback.

So I have to tell my server-engineer to disable caching for /wp-vipps-login/continue-from-vipps/ and it should work?

It’s worth a try, yes; everything else looks like it should but the Cookie: line is not present in the headers.

If you prefer to do more logging first, you can try to log at this action:

add_action('continue_with_vipps_before_login_redirect', function ($user, $session) {
error_log("We've successfully logged in the user and set the auth cookies, now we are going to redirect!");
}, 10, 2);

I have disabled the cache for that page and still not able to login.
I will try the logging and see what I get.

I logged the user and session vars as well, and all seems to be fine. (Some info redacted). So the conclusion would be to get the server engineers on it? Have you experienced similiar issues with other cloudflare sites?

[05-Mar-2024 08:37:25 UTC] We've successfully logged in the user and set the auth cookies, now we are going to redirect!

[05-Mar-2024 08:37:25 UTC] user: WP_User::__set_state(array(

   'data' =>

  (object) array(

     'ID' => '11',

     'user_login' => '███████████',

     'user_pass' => '███████████',

     'user_nicename' => '███████████',

     'user_email' => '███████████@gmail.com',

     'user_url' => '',

     'user_registered' => '2024-02-22 16:57:04',

     'user_activation_key' => '█████████████████████████████████',

     'user_status' => '0',

     'display_name' => '███████████',

  ),

   'ID' => 11,

   'caps' =>

  array (

    'customer' => true,

  ),

   'cap_key' => 'wp_capabilities',

   'roles' =>

  array (

    0 => 'customer',

  ),

   'allcaps' =>

  array (

    'read' => true,

    'customer' => true,

  ),

   'filter' => NULL,

   'site_id' => 1,

))

[05-Mar-2024 08:37:25 UTC] session: VippsSession::__set_state(array(

   'sessionkey' => '███████████+cznuj3GynxKuffZOrhFTFU5M/███████████',

   'contents' =>

  array (

    'referer' => 'https://w6lreq17ts.wpdns.site/',

    'cookie' => 'e0CRhNDXuZY+SK1SotlGTe8gsSMB4w2CxxBd5VSHEGk=',

    'application' => 'woocommerce',

    'action' => 'login',

    'userinfo' =>

    array (

      'address' =>

      array (

        'address_type' => 'home',

        'country' => 'NO',

        'formatted' => '███████████ ███████████

████

OSLO

NO',

        'postal_code' => '█████',

        'region' => 'OSLO',

        'street_address' => '███████████ ███████████',

      ),

      'email' => '███████████@gmail.com',

      'email_verified' => true,

      'family_name' => '███████████',

      'given_name' => '███████████',

      'name' => '███████████',

      'other_addresses' =>

      array (

      ),

      'phone_number' => '███████████',

      'sid' => '███████████',

      'sub' => '███████████-b5fb-4e48-96a9-███████████',

    ),

  ),

   'destroyed' => false,

))

Just a follow up:

Talked to engineers and they have excluded the cookie from the list, it is working now. ??

Greatly appreciate your help!

• This reply was modified 8 months, 4 weeks ago by baggyno.

Excellent! Cloudflare is pretty aggressive about caching and zapping cookies; though I haven’t seen this particular case before.