Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add error message for nonce check failures #534

Open
mboynes opened this issue Mar 7, 2023 · 1 comment
Open

Add error message for nonce check failures #534

mboynes opened this issue Mar 7, 2023 · 1 comment
Milestone
Future Release

Comments

@mboynes
Copy link

mboynes commented Mar 7, 2023

When a nonce check fails, the user is quietly redirected to the site's homepage.

I encountered this situation with a shared account used by a development team, which I recognize is abnormal usage. If two users signed in at roughly the same time, one would end up not signed in and get redirected to the homepage (which in this case was actually a different domain from the WordPress admin, as "home url" and "site url" are different). It would have been more helpful in diagnosing what was happening if the nonce check failure redirected one user back to the login form with an informative error message.
@kasparsd
Copy link
Collaborator

Indeed, it would be useful to display an error for a vailed nonce validation. It could happen for legitimate reasons when the login page is open for long. I'm not sure how easy it would be to implement considering how inconsistent is the state management during the WP login flow.

@jeffpaul jeffpaul added this to the Future Release milestone Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Future Release
Development

No branches or pull requests
3 participants
@kasparsd @mboynes @jeffpaul