New to the community? Start here

Login attempt to subsite fails (where login to rootsite works).

Domain Mapping v4.4.0.5, WordPress 4.2.2 in subdir mode with wp-{login,admin} forced SSL.

Somewhere between DM v4.4.0.3 (which worked okay) and v4.4.0.5, we’ve been having trouble with logins to subsites in a WPMS installation:

1. An admin user, with no cookies whatever (eg from a private browsing session) goes to

https://original.com/siteslug/wp-admin/

2. Since no cookies, the browser gets a 302 to:

https://original.com/siteslug/wp-login.php?redirect_to=https%3A%2F%2Foriginal.com%2Fsiteslug%2Fwp-admin%2F&reauth=1

NB: See very end of this post for a clue that might be relevant to diagnosis

3. User logs in but, instead of going to siteslug’s wp-admin, the browser gets a 302 to

https://original.com/siteslug/siteslug/wp-login.php

(Note the duplicated /siteslug/ component of the URL.) The user is still not logged in and cannot access their dashboard because the 302 didn’t return auth cookies.

Pretty much the same thing happens without the ?redirect_to etc.

Note that an attempt to access the root site’s dashboard directly (eg https://original.com/wp-admin/) redirects and logs in as you would expect. So the problem appears to be the presence of the site slug.

Work around, therefore:

1. Go directly to https://original.com/wp-login.php

2. Log in

3. Then go to https://original.com/siteslug/wp-admin/

Even though the POST to wp-login.php returns a 302, it does also return Set-Cookie headers, so everything will work as expected.

It’s an annoying bug (mainly because I keep getting support requests about why my admins can’t log into their sites), but the work around makes it not a critical one.

First sign of something going wrong:

Look at the HTML for the login screen at stage #2 (of the failure case). Though every other URL in the mark-up is of the correct form (domain.com/siteslug/whatever), the action URL of the login form itself is already wrong, ie:

<form name="loginform" id="loginform" action="http://original.com/siteslug/siteslug/wp-login.php" method="post">

Unfortunately, that can’t be the only problem because if I edit out the extra siteslug in the HTML directly in my browser, the result is the same.

If I take the siteslug altogether, it fails once again but, this time, the form URL is correct and an attempt to log in works per the work-around.

I don’t know how much help that is, but maybe it’s a clue as to where to begin to look.

If you can point me at a copy of v4.4.0.4, I’ll try that and see if the problem was introduced in 4.4.0.4 or 4.4.0.5.

Mon, 25 May 2015 17:10:11
  • Patrick Cohen
    • Technical Docs Wrangler

    Hi there @David King

    I hope you had a great weekend!

    Thanks very much for the detailed report. :slight_smile:

    Indeed, if you could re-install a previous version to test with on your instal, that would be ideal. You can get any version you need of any of our products by clicking the Changelog link in the header of the product page. Then click the Download button for the version you want. You can then upload from your computer & activate that version just like any other plugin.

    [attachments are only viewable by logged-in members] [attachments are only viewable by logged-in members]

  • David King
    • Site Builder, Child of Zeus

    Yes, confirmed, 4.4.0.6 fixes this particular problem. Had to install it manually, 4.4.0.6 is not yet showing up as an available update in the wordpress plugins update page, but I expect it will in time.

    Still got some other bugs not fixed, but I’ll follow that up in their respective threads.

    Thanks,

    DK.

  • Ash
    • Code Norris

    Hello @David King

    Thanks for confirming :slight_smile:

    Still got some other bugs not fixed, but I'll follow that up in their respective threads.

    I believe the developer is working on the fixes and will communicate with you in your other threads.

    Had to install it manually, 4.4.0.6 is not yet showing up as an available update in the wordpress plugins update page, but I expect it will in time.

    The plugin communicate with our server once in 12 hours, that means twice a day. If you hear any update of the plugin but don't see any notification, please go to WPMU DEV > Updates and click on Update Now to manually communicate with our server. Please check screenshot.

    Cheers

    Ash

    [attachments are only viewable by logged-in members]

  • David King
    • Site Builder, Child of Zeus

    @Patrick

    Hah, thank you. Let’s just hope the dev(s) accept my patch :wink:

    Because I haven’t been able to get anybody to acknowledge (yet) that there is a fundamental problem with https:// requests to mapped domains. But like the devs, staff are inordinately busy, so I understand.

    But we need either the patch I proposed (or something like it) applied:

    https://wpmudev.com/forums/topic/bug-report-admin_url-returns-mapped-domain-with-https-url?replies=9#post-886365

    because, well, this plugin is probably the most important plugin we use, and I can’t keep patching it on each new release :smiley:

  • Ash
    • Code Norris

    Great job @David King!

    I believe the developer Sam is looking at the patch, he will look if there is any incompatibility and if everything is okay, he will definitely add that.

    Let’s wait for his decision in that thread :slight_smile:

    Cheers

    Ash