> I think it's a bit premature to suggest that WordPress is broken. It
> is used on tens of millions of sites and people are able to log in fine
> every day.

Number of users is not a quality metric! Look at Windows... (Heh heh heh)

> Well there's your problem!
>
> That only affects the cookies that are stored in the cookies file
> (which is not normally used).
>
>
Doh! It seemed like such a likely culprit, too!


> > I'd be really hesitant to change the behavior of the test environment to
> > mask a bug you uncovered, though. Sending expired cookies IS a bug, and
> > it's something the guys running the server should fix.
>
> If this is a general problem, I suppose it might make sense to add an
> option to remove the expiry date from stale cookies, turning them into
> session cookies.
> But AFAIK this is the first time this has been reported [, and might
> cause indigestion (!) in some cases].
>
>
Well it sounds like the web browser is also storing and using the expired
cookie, and the remote server is honoring it! That's like 3 different bugs
he's uncovered so far! At this point I'd be rampaging like... something that
rampages a LOT... through 2 or 3 different bug forums.

I'm sure the Firefox guys would say "No it's not!" At least some people in
the "real world" do check cookie expiry dates, but it's probably "optional".
I'm not inclined to go digging through RFCs to find out.

I'd say WordPress sending out cookies from last year means someone hasn't
been minding a server like they should be. That really IS a problem.

I suppose you could add a "Remove expiration dates" to the cookie manager
panel, or a "send expired cookies" checkbox to the httpclient. Probably
wouldn't be a huge amount of coding, and would probably be only vaguely
atrocious.

Or perhaps a sampler or postprocessor that allows you to manipulate explicit
cookie values? That'd be a bit more work, but might be more palatable.

-- 
Bruce Ide
[email protected]
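
An added example, not part of the original message or of JMeter's code: a test-side check that flags Set-Cookie values already expired on arrival and shows the "remove the expiry date" rewrite discussed above. The header values, the fixed NOW, and the function names are constructed for illustration; Max-Age is given precedence over Expires, as RFC 6265 specifies.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values and a fixed "now" (not taken from the thread).
NOW = datetime(2010, 1, 1, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "login=abc; path=/",
    "prefs=x; expires=Thu, 01 Jan 2009 00:00:01 GMT; path=/",
    "sess=abc123; Expires=Fri, 01 Jan 2038 00:00:00 GMT; Path=/; HttpOnly",
    "old=1; Max-Age=0; Path=/",
]
DROP = ("expires", "max-age")  # attributes removed to make a session cookie

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs, raw attribute list)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    raw = [p for p in rest if p]
    attrs = {}
    for p in raw:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value.strip(), attrs, raw

def expiry(attrs, now):
    """Absolute expiry time, or None for a session cookie (no usable expiry)."""
    if "max-age" in attrs:  # Max-Age wins over Expires when both are present
        try:
            return now + timedelta(seconds=int(attrs["max-age"]))
        except (ValueError, OverflowError):
            pass  # unparsable Max-Age is ignored
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparsable date: treat as a session cookie
        return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None

def audit(headers, now=NOW):
    """Return (names of stale cookies, those headers rewritten as session cookies)."""
    stale, stripped = [], []
    for h in headers:
        name, value, attrs, raw = parse_set_cookie(h)
        when = expiry(attrs, now)
        if when is not None and when <= now:
            stale.append(name)
            kept = [p for p in raw if p.partition("=")[0].strip().lower() not in DROP]
            stripped.append("; ".join([f"{name}={value}"] + kept))
    return stale, stripped

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```

The stale list is what belongs in a bug report to whoever runs the server; the rewritten headers only show what the proposed option would hand to the test client.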