Bug #13187
closedLog In Glitch
0%
Description
Reporting an ongoing issue I've had with logging into the Commons.
I use LastPass, and when I log in via the "Log In" button on the WP Admin Bar using the LastPass Chrome OR Safari extension, I'm redirected to https://commons.gc.cuny.edu/wp-login.php?redirect_to=https%3A%2F%2Fgconline.commons.gc.cuny.edu%2Fwp-admin%2F and asked to log in again. I am, however, logged in (when I visit CAC in a new tab, or closing the tab and then visiting another page on the Commons).
If I log out of the Commons but do not quit the browser, and then log back in using the same method, I am not redirected. If I quit the browser and restart, I am then again redirected.
Happy to do additional testing.
Updated by Boone Gorges over 3 years ago
- Assignee set to Raymond Hoh
I've seen similar behavior - redirecting to root domain for logins even though logged in - though I'd be surprised if LastPass has anything to do with it.
Luke, can you confirm that you initiated the login request from gconline.commons.gc.cuny.edu?
Ray, you've configured lots of this login stuff. It sounds to me like the wordpress-mu-domain-mapping subdomain cookies are not being properly set or recognized in all situations, at least not until a page reload. Could you play with it and let me know what you think?
Updated by Luke Waltzer over 3 years ago
confirmed (though happening when logging in from anywhere)
Updated by Boone Gorges over 3 years ago
Gotcha. I assume that "happening when logging in from anywhere" means that you're always being bounced to the main site and then back to the proper site, not that you're always being redirected to gconline.commons specifically. Just want to be sure that you're not being sent to an unrelated site, which would be a separate bug.
Updated by Luke Waltzer over 3 years ago
Correct- bounced to main site, then redirected back to site of original attempt.
Updated by Raymond Hoh over 3 years ago
- Category name set to WordPress (misc)
- Status changed from New to Resolved
- Target version set to 1.17.2
I was able to duplicate this bug. This bug only occurred for administrators and when the site admin email confirmation screen has not been completed yet.
We have some custom login redirection code whenever we're on a sub-site and this conflicted with this new confirmation screen, which was added in WordPress core in v5.3: https://make.wordpress.org/core/2019/10/17/wordpress-5-3-admin-email-verification-screen/
To fix this, we bypass our custom login redirection code whenever this confirmation screen is needed. Since we also use a custom login template, I had to add some new CSS styles to make things look a little better.
Should be fixed in the following commits:- https://github.com/cuny-academic-commons/cac/commit/d5216f1c3ac3756713f6da00c031029c62d3f004
- https://github.com/cuny-academic-commons/cac/commit/fb0d2f8565d1781d4611e039594411f319268ce5
Applied as a hotfix on production.