Why won't sites w/custom domain names recognize my WP login?
-
No cookie blocker. As noted above, cookies are accepted and my login persists after closing and reopening the browser. The problem occurs on 3 different browsers. My verdeviewer login was still being recognized by judithcurry.com and wattsupwiththat.com back on October 14, as I can see on my “Comments I’ve made” page. After that date it was not.
-
I have confirmed that the problem is definitely not with your account, so your browser, device or connection are the only options.
As you have the problem with multiple browsers, it might be your device. Can you please check if you have the same problem if you use a different computer? Do you have any anti-virus or anti-malware software installed on your computer? Does it make a difference if you deactivate those?
Next, can you try a different connection? If you’re using a desktop PC, try connecting via your phone instead of your regular connection. If you have a laptop, try connecting via wi-fi at a coffee shop or library.
One other thing you can try, that has worked for me when this has happened in the past: while viewing that page, try force-refreshing it (Ctrl-F5). This usually makes the admin bar appear for me if it doesn’t appear on the initial load.
-
Refresh has no effect.
What I see happening is this, using judithcurry.com as an example:
I go to any https://%5Bwhatever%5D.wordpress.com blog and the pages are able to read wordpress.com login cookies serverside. My login is recognized and the admin bar is added to the page at the server.
But http://judithcurry.com cannot read wordpress.com cookies. So its html pages load javascript from https://r-login.wordpress.com to verify my login. At this point, judithcurry.com pages should get a test cookie, I should be recognized as logged in, and the javascript should insert the admin bar on the page. That doesn’t happen.
What this might have to do with my OS or device eludes me, especially since things were working two months ago, but I’ll check it out when I get a chance.
Your help resolving this issue is appreciated, kokkieh. Are you a WordPress.com employee?
-
I am a WordPress.com employee, yes. That’s how I was able to verify that it’s not your account that has a problem.
I’ve been looking back over this thread in case I missed something, and spotted you wrote this:
I’m not blocking first-party cookies
You may have mistyped, but just in case, are you blocking third-party cookies? As cookies are attached to a domain, in our case WordPress.com, it becomes a third-party cookie as soon as you visit a site with a custom domain. If you are blocking third-party cookies (a legitimate practice in terms of privacy) our tracking cookies will also be blocked on those sites. Adding an exception for WordPress.com to your third-party cookies should then resolve this.
You can see here for more information:
-
kokkieh, that is exactly what I had to do to fix the problems I had with custom domain blogs. For each one, I had to add it to the “exceptions” list on my browser’s privacy section for cookies accepted.
-
Success! Good job, kokkieh. An exception to accept all wordpress.com cookies did the trick.
Still some mysteries. For example, this did not initially work for judithcurry.com, which had set a wpc_wpc cookie (must be first-party, right?) when I’d previously clicked the WordPress logo in the comment box. When I browsed there I got the judithcurry.com/remote-login.php page with the error message “Invalid key [8].” The address had a long argument list ending with “h=”. I was obviously mistaken when I assumed that wasn’t relevant to the problem. Maybe this should be looked into.
After deleting all cookies, restarting the browser, and logging in, judithcurry.com is now recognizing I’m logged in.
Another oddity is that “verdeviews.wordpress.com” was already a browser cookie exception and I don’t recall adding it. I simply edited that to “[*.]wordpress.com.
And then there’s the question of why the problem suddenly began.
Anyway, everything’s currently copasetic. I haven’t tried using my WordPress login for a Blogspot comment, but that’s not an issue.
Thanks for your diligence in finding a solution.
-
Inspected the cookies. All custom-domain sites now have a full complement of WordPress cookies, not just wpc_wpc.
-
Still curious, though: If judithcurry.com was able to set wpc_wpc without third-party cookies enabled when I clicked the login link, could it not also have set the other cookies at the same time?
-
I’m not an expert on the technical side of this, but as I understand it, there’s global WordPress.com cookies, like those that track your login, but each WordPress.com site you visit also sets its own cookies.
When you visit a site with a free address, there’s no conflict, as all cookies on that URL are primary cookies, seeing that each free address is merely a subdomain of WordPress.com. However, the moment you’re on a site with a custom domain, only the site-specific cookies are primary, while the global WordPress.com cookies become third-party cookies as they no longer match the domain.
Why it suddenly began I don’t know. My guess is a browser update that changed some settings without you knowing it. Chrome has done that to me more than a few times, which is one of the reasons I switched to Firefox – I got tired of Google deciding for me what my settings must be and what software I must have installed on my computer :)
I haven’t been able to turn up anything about the Invalid Key error, but if it happens again, please take a screen shot of the error message and copy the exact URL and let us know so we can investigate it further.
-
kokkieh:
…only the site-specific cookies are primary, while the global WordPress.com cookies become third-party cookies as they no longer match the domain.
And yet, while browsing with third-party cookies disabled, clicking the WordPress logo in the comment box on a blog with a custom domain name sets my WordPress identity cookie in that domain.
I don’t want to spend any more time trying to figure out how that happens — maybe it’s a browser security issue.
I’ve marked the thread “resolved.” Thanks again for your help.
-
maybe it’s a browser security issue.
Possibly, but as I said my knowledge about this is sketchy at best :)
Please don’t hesitate to ask if we can help with anything else in future.
- The topic ‘Why won't sites w/custom domain names recognize my WP login?’ is closed to new replies.
WordPress.com Forums 