1362 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Lifetime Member
—
3rd January 2012 (4 months ago)
#
I'm not logged in with facebook (just normally member).
I tried to deactive ultimate facebook plugin and then logged in again but having the same issue.
1. clear the cookies in your browser
2. login at mapped domain, log out - what happens? - can you then let me know what cookies you have set.
3. clear cookies again.
4. login at orig domain, log out - again let me know what happens and what cookies where set.
It's definitely a cookie issue, just need to see what is creating which cookies and then see whats happening
The only problem i see with this pug is that if a user is at a internet shop then he will stay logged in to his site and then if a customer at the internet shop goes to his site then he would be logged in this can be a big problem
So i geuss if the user can log out of his site that the problem is solved .
1162 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Member par excellence
—
20th January 2012 (4 months ago)
#
@Mustafa disabled plugin ? Try and removed it from the plugs dir and see if the problem is still there then put it back and see it it got sorted :)
I had a problem like this before i only got it fixed by rebuilding Apache Configuration but i dont think your problem is the same as the one i have had.
1362 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Lifetime Member
—
22nd January 2012 (4 months ago)
#
Screenshot seems default.
The problem:When user logged in their mapped site - can't logout directly.
Second:If they are use dashboard via main site.They can logged out from main site, but can't logged out from mapped site with first click.
1362 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Lifetime Member
—
22nd January 2012 (4 months ago)
#
ok.
1)I cleared all cookies.
2)Logged in from mapped domain and then logged out - screenshot1
3)Cleared all cookies again
4)Logged in from orig domain - screenshot2
5568 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Support Kangaroo
—
4th February 2012 (3 months ago)
#
Greetings Mustafa :-)
We have not heard back from you as to the status of this issue.
If you are still having an issue with this please let us know so that we may try to get you fixed up as soon as possible by choosing to mark this ticket as unresolved.
This will also bring your ticket up front back in plain view again.
5568 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Support Kangaroo
—
5th February 2012 (3 months ago)
#
Greetings Mustafa :-)
in careful thought and consideration about this situation, it is my opinion that it is 110% cookie related.
Otherwise how could the return to the new site even know that they were ever logged in anywhere?
Or do they log into the main site somewhere and then log into there own site and then log out and they are redirected? Therefore the cookie originally set by the main site is not modified because they never logged out of the main site in the first place.
~or~ they log directly into there sub site?
in which an off the wall cure could be:
Ideally the redirect plugin deletes the offending cookie prior to redirection.
To have them redirected to a page that deletes the offending cookie and then that page re-directs them to the main site as normal.
Please advise sir in which order above thing are taking place.
5568 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Support Kangaroo
—
17th February 2012 (3 months ago)
#
Greetings Mustafa,
Just checking if this issue was eventually resolved in another thread? Or by
yourself separately to us? Or by us over email with you? Or using our live
support?
If so, no need to reply, that's great news.
If not, or you have any more questions related to this thread, please feel free
to post them below including any new symptoms or errors and tick the 'Mark as
Not Resolved (re-open)' box below the post area (or else we'll miss it!)
1063 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Lifetime Member
—
19th February 2012 (3 months ago)
#
We also have the exact same set-up as Mustafa.
I don't know (don't think so) if the issue was resolved for Mustafa, but we do experience the same problem, meaning:
We take a user that belongs to 4 sites.
Scenario 01.
The user logs-in to the mapped domain (where he is an admin), does stuff, logs out. On the mapped site he is out.
He then presses the link to the main site where he reads the screenshot message.
Please have a look at the screenshot:
When clicks on those links everything works (he is taken to the dashboards) as IF he was never logged out. The only site that won't let him in is the mapped domain.
Even if he doesn't click on the main site but to ANY site that he has a role he gets access to the dashboards. In order for him to be REALLY logged out, the user has to go to and log out from any of the NON-mapped domains.
Scenario 02.
The exact same set up, only this time, the user is a subscriber to the mapped domain and logs-in from a public place (an internet cafe, school, work), does stuff, logs out. Leaves.
Next person comes along, clicks the main site's link, sees the message and can now even log into our user's NON-mapped admin dashboards. I leave the rest to the imagination...
I do certainly consider this as a security hole. Can you please look into it asap?
Thank you.
1063 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Lifetime Member
—
25th February 2012 (2 months ago)
#
@Arun Basil Lal
Hi Arun,
Have you tried it yourself? Doesn't anyone else experience the same issue?
I mean out of 1000+ downloads is is only us two who have this problem???
Has Barry looked into this? Any progress yet? Please keep us posted.
Thanks
5568 pointsLike some sort of WPMU DEV GodMindblowingly helpful memberLifetime member
Support Kangaroo
—
2nd March 2012 (2 months ago)
#
Greetings marikamitsos & Mustafa,
Barry has been flagged for this but he is currently dealing with the almost completed new version of Membership plugin and related issues and has not been able to significantly direct his attention to this issue yet.
To answer your question marikamitsos:
Doesn't anyone else experience the same issue?
To date you folks are the only two we know that are experiencing this problem and I have not been able to replicate it on my development server nor my production server. However, this does not mean that it is any less important to be resolved.
Thank you for your patience and Barry should be in on this sooner then later.
I can't duplicate the issue locally, or on the one of the other sites I have that has mapping, so trying to narrow things down. The screenshots of the cookies you posted don't show a logged in cookie name (that I can see, as you've only put the partial names part up and not the details)
@marikamitsos Ok, sorry I was responding to the original poster.
Having just had a read through, I notice that you haven't posted any of the information I'd originally asked him, so can you pop up the details of the cookies you have set when you are logged in, and when you have done the log out.
I need the cookie details for both the mapped domain and the main domain.
Responses (50)
Sales & Support Pro — 8th December 2011 (5 months ago) #
Hiya,
That sounds like you have cookie conflicts going on. Perhaps you change the setting for which domain to use in admin?
Clearing cookies should clear it out...
Thanks,
Phil
Lifetime Member — 8th December 2011 (5 months ago) #
interesting conflicts , because I tried with another browser? (Also I tried to clean up cookies)
Sales & Support Pro — 3rd January 2012 (4 months ago) #
Just to clarify - site owners aren't able to log out from their mapped domain? I.e. they are always logged in, whatever they do?
Lifetime Member — 3rd January 2012 (4 months ago) #
Yep! exactly
Sales & Support Pro — 3rd January 2012 (4 months ago) #
That's really weird - even after you've deleted cookies?
Obviously it's the cookies that keep you logged in so I would expect that alone would log you out.
Are you using anything like Ultimate Facebook to login?
Lifetime Member — 3rd January 2012 (4 months ago) #
yes,I'm using ultimate facebook for login.
Sales & Support Pro — 3rd January 2012 (4 months ago) #
Okay, I suspect that's the problem then. Can you de-activate that, log out of Facebook and then try logging out please?
Lifetime Member — 3rd January 2012 (4 months ago) #
I'm not logged in with facebook (just normally member).
I tried to deactive ultimate facebook plugin and then logged in again but having the same issue.
It's interesting cookie conflict :/
Support Kangaroo — 3rd January 2012 (4 months ago) #
Greetings Mustafa :-)
what about on facebook login itself it has the option of "keep me logged in" which possibly is keeping you logged in???
Also what about super cookies, also known as LSO's ????
However, after checking on my machines I could not find any FaceBook LSO's nor fany from our Multi Sites .....
But are you forever logged in to Facebook or the setting is so ..... and that is possibly keeping your seesion alive for the Mapped Domains?
Joe :-)
Sales & Support Pro — 4th January 2012 (4 months ago) #
Oh man, that's crazy... I'm gonna call in the troops on this one!
Member par excellence — 4th January 2012 (4 months ago) #
@Mustafa Try this :) Yes i did it after i got hacked and it seems to have sorted out 100% of my login problems
wp-config.php
Get some new SALT
https://api.wordpress.org/secret-key/1.1/salt/
Just give it a try.
Support Kangaroo — 4th January 2012 (4 months ago) #
Greetings Mark de Scande :-)
now that is a great tip that we always do ourselves but did not think to mention :-)
Joe :-)
Member par excellence — 4th January 2012 (4 months ago) #
@aecnu NoProblem i help were i can :)
Sales & Support Lead — 8th January 2012 (4 months ago) #
@Mustafa, is this still an issue? Do you have unique salts defined in wp-config?
let us know. thanks!
Lifetime Member — 9th January 2012 (4 months ago) #
@masonjames
I've tried another salts but I have still issue.
Sales & Support Lead — 9th January 2012 (4 months ago) #
Thanks for letting us know. I'm stumped here as well. Not something I've seen before, good job ;)
Let me grab Barry on this one. He'll have an idea for us I reckon. Thanks!
Developer — 19th January 2012 (4 months ago) #
Can you try the following.
1. clear the cookies in your browser
2. login at mapped domain, log out - what happens? - can you then let me know what cookies you have set.
3. clear cookies again.
4. login at orig domain, log out - again let me know what happens and what cookies where set.
It's definitely a cookie issue, just need to see what is creating which cookies and then see whats happening
Lifetime Member — 20th January 2012 (4 months ago) #
Hiya Barry,
First - I logged in my mapped domain ex:mycustomdomain.com/wp-admin then click to logout.Logout successfully but main site seems still logged in.
Second - I logged in from main site.Then click to logout.Logout successfull but custom site seems still logged in.
Thanks for helping.
Member par excellence — 20th January 2012 (4 months ago) #
@Mustafa just my 2 cents :) is this the end of the world that a user can not log out my thinking is that it is not the end of the world .
Just a idea http://premium.wpmudev.org/project/remember-me-checked so all users always will be logged in to there sites
The only problem i see with this pug is that if a user is at a internet shop then he will stay logged in to his site and then if a customer at the internet shop goes to his site then he would be logged in this can be a big problem
So i geuss if the user can log out of his site that the problem is solved .
Again it is just my toughs
Member par excellence — 20th January 2012 (4 months ago) #
@Mustafa just had a thought yes i get those try to change your pass word and then do your test again .
Lifetime Member — 20th January 2012 (4 months ago) #
Hiya @Mark de Scande,
I disabled plugin and then cleared cookies but problem still going.
Developer — 20th January 2012 (4 months ago) #
When you logout, what screen are you taken to?
Member par excellence — 20th January 2012 (4 months ago) #
@Mustafa disabled plugin ? Try and removed it from the plugs dir and see if the problem is still there then put it back and see it it got sorted :)
I had a problem like this before i only got it fixed by rebuilding Apache Configuration but i dont think your problem is the same as the one i have had.
Member par excellence — 20th January 2012 (4 months ago) #
@Barry thank you for helping :) one day i will ask you to have a look at my DB setup just need some advice :)
Lifetime Member — 20th January 2012 (4 months ago) #
@Barry, Can I send my login info via mail?
Lifetime Member — 21st January 2012 (4 months ago) #
@Mark de Scande
I removed remember-me-checked plugin but the problem not fixed :/
Developer — 22nd January 2012 (4 months ago) #
Can you pop up the details of the cookies I asked for earlier on? Might be able to spot something by checking what has and hasn't been set. Cheers.
Lifetime Member — 22nd January 2012 (4 months ago) #
Screenshot seems default.
The problem:When user logged in their mapped site - can't logout directly.
Second:If they are use dashboard via main site.They can logged out from main site, but can't logged out from mapped site with first click.
Thanks.
Developer — 22nd January 2012 (4 months ago) #
Not sure what you mean there :)
Really need those cookie details I asked for, then I can see what cookies are keeping you from logging out on your install, so I can go some way to working out the issue.
http://premium.wpmudev.org/forums/topic/log-out-problem-for-mapped-domains#post-172926
Lifetime Member — 22nd January 2012 (4 months ago) #
ok.
1)I cleared all cookies.
2)Logged in from mapped domain and then logged out - screenshot1
3)Cleared all cookies again
4)Logged in from orig domain - screenshot2
Thanks
Support Kangaroo — 4th February 2012 (3 months ago) #
Greetings Mustafa :-)
We have not heard back from you as to the status of this issue.
If you are still having an issue with this please let us know so that we may try to get you fixed up as soon as possible by choosing to mark this ticket as unresolved.
This will also bring your ticket up front back in plain view again.
Joe :-)
Lifetime Member — 5th February 2012 (3 months ago) #
Hi aecnu,
Thanks for help.But still having this problem.When user logged out from mapped domain they still logged in for main site.
If you want to check it,I can send my login detail via contact form or your site. (http://www.acecomputertechsupport.com/)
Thanks.
Support Kangaroo — 5th February 2012 (3 months ago) #
Greetings Mustafa :-)
a few questions please sir so that I may go ahead and test on our production sites :-)
a) the Member Logs into the mapped domain site and does whatever and then logs out.
b) how do they get to the main site to see they are still logged in?
Joe :-)
Lifetime Member — 5th February 2012 (3 months ago) #
hi Joe,
First, we are using logout redirect plugin.So when users logged out they go to main site.
a)When they logs out redirect to main site.And I can see toolbar at main site.That's mean they're still logged in for main site.
b)yes they are still logged in.
Thanks for quick response.
Support Kangaroo — 5th February 2012 (3 months ago) #
Greetings Mustafa :-)
in careful thought and consideration about this situation, it is my opinion that it is 110% cookie related.
Otherwise how could the return to the new site even know that they were ever logged in anywhere?
Or do they log into the main site somewhere and then log into there own site and then log out and they are redirected? Therefore the cookie originally set by the main site is not modified because they never logged out of the main site in the first place.
~or~ they log directly into there sub site?
in which an off the wall cure could be:
Ideally the redirect plugin deletes the offending cookie prior to redirection.
To have them redirected to a page that deletes the offending cookie and then that page re-directs them to the main site as normal.
Please advise sir in which order above thing are taking place.
Joe :-)
Support Kangaroo — 17th February 2012 (3 months ago) #
Greetings Mustafa,
Just checking if this issue was eventually resolved in another thread? Or by
yourself separately to us? Or by us over email with you? Or using our live
support?
If so, no need to reply, that's great news.
If not, or you have any more questions related to this thread, please feel free
to post them below including any new symptoms or errors and tick the 'Mark as
Not Resolved (re-open)' box below the post area (or else we'll miss it!)
Otherwise, happy days, glad you got it sorted :)
Thank you for being a WPMU Dev member!
Cheers, Joe :-)
Lifetime Member — 19th February 2012 (3 months ago) #
We also have the exact same set-up as Mustafa.
I don't know (don't think so) if the issue was resolved for Mustafa, but we do experience the same problem, meaning:
We take a user that belongs to 4 sites.
Scenario 01.
The user logs-in to the mapped domain (where he is an admin), does stuff, logs out. On the mapped site he is out.
He then presses the link to the main site where he reads the screenshot message.
Please have a look at the screenshot:
When clicks on those links everything works (he is taken to the dashboards) as IF he was never logged out. The only site that won't let him in is the mapped domain.
Even if he doesn't click on the main site but to ANY site that he has a role he gets access to the dashboards.
In order for him to be REALLY logged out, the user has to go to and log out from any of the NON-mapped domains.
Scenario 02.
The exact same set up, only this time, the user is a subscriber to the mapped domain and logs-in from a public place (an internet cafe, school, work), does stuff, logs out. Leaves.
Next person comes along, clicks the main site's link, sees the message and can now even log into our user's NON-mapped admin dashboards. I leave the rest to the imagination...
I do certainly consider this as a security hole. Can you please look into it asap?
Thank you.
Lifetime Member — 19th February 2012 (3 months ago) #
Hi,
I haven't fixed this problem yet.Users still need logout with two step.
first step -> logout from mapped domain
second step ->logout from main domain.
I guess this is about wordpress structure.
Sunrise file sets COOKIE_DOMAIN value to mapped domain if not sets using default value.
So, maybe we need to edit wp-includes/pluggable.php file.
Support Quarterback — 24th February 2012 (2 months ago) #
@Mustafa
I was going through the tread and found it very interesting. How did editing wp-includes/pluggable.php go? Found something interesting?
Arun Basil Lal
Lifetime Member — 25th February 2012 (2 months ago) #
@Arun Basil Lal
Hi Arun,
Have you tried it yourself? Doesn't anyone else experience the same issue?
I mean out of 1000+ downloads is is only us two who have this problem???
Has Barry looked into this? Any progress yet? Please keep us posted.
Thanks
Support Kangaroo — 2nd March 2012 (2 months ago) #
Greetings marikamitsos & Mustafa,
Barry has been flagged for this but he is currently dealing with the almost completed new version of Membership plugin and related issues and has not been able to significantly direct his attention to this issue yet.
To answer your question marikamitsos:
To date you folks are the only two we know that are experiencing this problem and I have not been able to replicate it on my development server nor my production server. However, this does not mean that it is any less important to be resolved.
Thank you for your patience and Barry should be in on this sooner then later.
Cheers, Joe :-)
Lifetime Member — 8th March 2012 (2 months ago) #
Any news on the subject?
Developer — 8th March 2012 (2 months ago) #
If you disable that plugin, does the logout work?
Developer — 8th March 2012 (2 months ago) #
I can't duplicate the issue locally, or on the one of the other sites I have that has mapping, so trying to narrow things down. The screenshots of the cookies you posted don't show a logged in cookie name (that I can see, as you've only put the partial names part up and not the details)
Lifetime Member — 8th March 2012 (2 months ago) #
I don't know about Mustafa but we do not use that plugin.
Developer — 8th March 2012 (2 months ago) #
@marikamitsos Ok, sorry I was responding to the original poster.
Having just had a read through, I notice that you haven't posted any of the information I'd originally asked him, so can you pop up the details of the cookies you have set when you are logged in, and when you have done the log out.
I need the cookie details for both the mapped domain and the main domain.
Lifetime Member — 8th March 2012 (2 months ago) #
Sorry, but I will need some guidance on the cookies:
I am on: Safari 5.1.2 and Mac 10.6.8
I canNOT see details for my cookies as I do with Mozilla.
Lifetime Member — 8th March 2012 (2 months ago) #
Hiya folks,
@barry I've already send cookie info http://premium.wpmudev.org/forums/topic/log-out-problem-for-mapped-domains#post-173645
Yes! My problem solved with this way :) Thanks for helping.
@marikamitsos I marked as resolved this topic, you can create a new topic for your issue.
Cheers,
Developer — 8th March 2012 (2 months ago) #
@mustafa - yeah, that reply was for @marikamitsos
Safari -> Preferences -> Privacy tab -> Details button
Lifetime Member — 8th March 2012 (2 months ago) #
Hmmm... I thought they were almost identical. Happy it was solved for you Mustafa. :)
Anyway. Barry should I start another topic? Could we resolve this here without having to transfer all my comments to a new post?
Please advice.
Become a member