• I’m using a plugin called “WordPress Persistent Login.” However, I’m experiencing a critical issue where user sessions seem to overlap. Despite multiple tests, reinstalling, and even uninstalling the plugin, users are still encountering the following problem:
    When a standard user logs in with their username and password, they are sometimes mistakenly logged in with admin privileges, accessing the admin session instead of their own.
    Could you help identify what might be causing this, or suggest any fixes to prevent session data from mixing between users?

    (When I uninstalled the plugin, the issue disappeared.)

  • Plugin Author lukeseager

    (@lukeseager)

    Hi, thanks for opening a support request.

    You said at the start of your message that after uninstalling the plugin you still had the issue, but at the end of your message you said that the issue disappears. Can you clarify which is correct?

    As I mentioned in your review, Persistent Login uses a hook that WordPress provides to keep users logged in. This hook gives us the user ID to update.

    Can you provide me with an example of a user who has had this issue? An example of their login cookie, and also their session data from the database? The database data will be in the user_meta table, with a key of ‘session_tokens’ for the user’s ID. Please obscure their IP address and any other sensitive data.
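
An added example, not part of the thread or the plugin's code: one way to compare the two artifacts requested above, a login cookie and the user's `session_tokens` keys, offline. It assumes the WordPress core layout of the logged-in cookie value (`username|expiration|token|hmac`) and that each `session_tokens` key is the SHA-256 of the cookie's token; `diagnose`, `sessions_by_user` and the sample values are hypothetical and constructed.

```python
import hashlib
from urllib.parse import unquote


def verifier(token):
    """Key under which core stores a session: SHA-256 of the cookie token."""
    return hashlib.sha256(token.encode()).hexdigest()


def parse_login_cookie(value):
    """Split a logged-in cookie value: username|expiration|token|hmac."""
    parts = unquote(value).split("|")  # browsers often show '|' as %7C
    if len(parts) != 4:
        raise ValueError("expected 4 '|'-separated fields")
    username, expiration, token, mac = parts
    return {"username": username, "expiration": int(expiration),
            "token": token, "hmac": mac}


def diagnose(cookie_value, expected_login, sessions_by_user):
    """Compare the cookie a tester received with the account they logged in as.

    sessions_by_user (hypothetical shape): login -> set of session_tokens keys.
    The HMAC field is not checked; that needs the site's secret keys.
    """
    cookie = parse_login_cookie(cookie_value)
    if cookie["username"] != expected_login:
        return "cookie-names-other-user:" + cookie["username"]
    key = verifier(cookie["token"])
    if key in sessions_by_user.get(expected_login, set()):
        return "ok"
    for login, keys in sessions_by_user.items():
        if key in keys:
            return "token-belongs-to:" + login
    return "no-matching-session"


# Constructed sample data: two accounts, one stored session each.
SAMPLE_SESSIONS = {
    "userx": {verifier("constructed-token-x")},
    "admin": {verifier("constructed-token-a")},
}

if __name__ == "__main__":
    cookie = "admin%7C1900000000%7Cconstructed-token-a%7C00ff"  # constructed
    print(diagnose(cookie, "userx", SAMPLE_SESSIONS))
```

A result other than `ok` for a subscriber's fresh login shows which account the browser's cookie or token actually maps to, which is the detail worth attaching to the report with IP addresses and the HMAC field redacted.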

    Thread Starter amfahadsafi

    (@amfahadsafi)

    I have created over 100 users with the subscriber role and 3 administrators, with one designated as the super admin.

    When some subscribers log in, they are sometimes mistakenly logged in as the super admin. This issue occurs randomly with some users. The super admin has only one session option and requires 2FA to log in. However, when I install the WordPress Persistent Login plugin, sessions seem to get mixed up, and most users gain administrator access.

    When I deactivate the WordPress Persistent Login plugin, the issue disappears. However, when I reactivate it, the issue reappears.

    Thread Starter amfahadsafi

    (@amfahadsafi)

    I have created over 100 users with the subscriber role, including User X and User Y. I also have 3 administrators, with one designated as the super admin.

    Expected Behavior:

    • User X and User Y, both with the subscriber role, should only have limited access when they log in.
    • The super admin should have higher privileges, limited to one active session at a time, and require 2FA for added security.

    Issue When Using Persistent Login Plugin:

    • When I activate the WordPress Persistent Login plugin, User X and User Y sometimes randomly log in with super admin access rather than their intended subscriber-level access.
    • This issue occurs inconsistently and doesn’t affect all subscribers every time. Even though the super admin is restricted to a single session and requires 2FA, the login sessions still appear to get mixed up.

    Temporary Solution:

    • When I deactivate the WordPress Persistent Login plugin, the issue disappears, and users like User X and User Y only have subscriber-level access, as expected.
    • However, when I reactivate the plugin, the session mix-up issue reappears.
    Plugin Author lukeseager

    (@lukeseager)

    Hi, thank you for the information.

    Can I ask if your website is a WordPress Multi site? You mention a super admin role, which isn’t a standard role on a single WordPress website.

    Is it possible to share the website URL so I can test signing up as a subscriber to replicate the issue?

    Thread Starter amfahadsafi

    (@amfahadsafi)

    By super admin I mean the Administrator role (the default one).

    Plugin Author lukeseager

    (@lukeseager)

    Thank you. Is your website a WordPress Multi site installation?

    Thread Starter amfahadsafi

    (@amfahadsafi)

    No, it’s not multi site.

    Plugin Author lukeseager

    (@lukeseager)

    Thank you for confirming. Are you able to share the URL of the website with me please? If you’re concerned about sharing the URL publicly, you can send it to [email protected] (if www.remarpro.com administrators are happy for me to request that).

    I’m conscious that any information shared here that lets me assist you could potentially be used to gain administrator access to your website, which we definitely want to avoid.
