tl;dr: Please upgrade Trac to run: `0.2-transitional` – Supports existing cookies, and future session cookies. diff .zip. A second request will be made to upgrade to `0.2`.
Currently WordPress.org doesn’t use WordPress Sessions, this was for two reasons: 1) bbPress 1.x, 2) Trac
We no longer have any bbPress 1.x installations present requiring authentication, leaving Trac as the only barrier to enabling the usage of it on WordPress.org infrastructure.
Current 2FA work will require sessions in order to keep track of the authentication type and time since last-2fa-challenge.
WordPress uses `user_meta` to store the Sessions by default, but that’s not ideal for our usage (primarily due to PHP Serialized arrays needing decoding by trac python), so I’ve adopted the same table structure used on WordPress.com for user sessions – `wp_user_sessions`
Here are two versions of the plugin, and a diff (GitHub PRs) from present for code/security review if wanted.
- `0.2` – Supports user cookies with session tokens only. diff .zip
- `0.2-transitional` – Supports existing cookies, and future session cookies. diff .zip
Installation steps:
- Define `wp_user_sessions = wporg_user_sessions` in the `[wordpress]` section of the existing Trac config.
- Remove existing `0.1` version of the plugin.
- Install `0.2-transitional`. Existing cookies should continue to work.
At a future date when Session support has been enabled permanently on WordPress.org:
- Remove `0.2-transitional` and replace with `0.2`
- Existing cookies at that time should all be with Sessions, and so they’ll continue to work. Older session-less cookies will no longer pass auth.
Implementation notes:
- The `auth_salt` and `auth_key` do not need to be updated during this process, as the tokenised cookies simply add an extra token value.
- The cookie names will remain the same to avoid any other systems-related changes needing to be made.
- The SQL introduces a join to an additional table for sessions, a `const` index is used.
- The WordPress `wp_user_session` code is here: https://github.com/WordPress/wporg-mu-plugins/pull/345 (It’s WordPress 6.2+, Includes memcache, is based off the WordPress.com implementation)
- I have tested this on my own Trac + WordPress install, using both `wp_user_sessions` and no-session cookies.
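
An added example, not the plugin's code: how a transitional verifier can accept both cookie shapes while a sessions-only verifier rejects session-less cookies, with the same secret throughout. It assumes core WordPress's `username|expiration|token|hmac` field order; the secret, the password fragment and the in-memory `SESSIONS` dict standing in for the sessions table are constructed.

```python
import hashlib
import hmac
import time

# Constructed stand-ins; a real plugin reads these from its config and the DB.
AUTH_SECRET = b"constructed auth_key + auth_salt"
PASS_FRAGS = {"alice": "abcd"}  # hypothetical per-user password fragment
SESSIONS = {}  # stands in for the sessions table: (user, sha256(token)) -> expiry


def cookie_mac(user, expiry, token=None):
    """HMAC over the cookie fields; the token is mixed in only when present."""
    tail = [] if token is None else [token]
    material = "|".join([user, PASS_FRAGS[user], str(expiry)] + tail)
    key = hmac.new(AUTH_SECRET, material.encode(), hashlib.md5).hexdigest()
    signed = "|".join([user, str(expiry)] + tail)
    return hmac.new(key.encode(), signed.encode(), hashlib.sha256).hexdigest()


def make_cookie(user, expiry, token=None):
    """Issue a cookie; a tokenised one also records its session server-side."""
    tail = [] if token is None else [token]
    if token is not None:
        SESSIONS[(user, hashlib.sha256(token.encode()).hexdigest())] = expiry
    return "|".join([user, str(expiry)] + tail + [cookie_mac(user, expiry, token)])


def validate(cookie, transitional, now=None):
    """Return the username if the cookie authenticates, else None."""
    now = time.time() if now is None else now
    parts = cookie.split("|")
    if len(parts) == 4:
        user, expiry, token, mac = parts
    elif len(parts) == 3 and transitional:  # session-less cookie, transitional only
        (user, expiry, mac), token = parts, None
    else:
        return None
    if user not in PASS_FRAGS or not (expiry.isascii() and expiry.isdigit()):
        return None
    if int(expiry) < now:
        return None
    expected = cookie_mac(user, expiry, token)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if token is not None:
        verifier = hashlib.sha256(token.encode()).hexdigest()
        if SESSIONS.get((user, verifier), 0) < now:  # unknown or ended session
            return None
    return user
```

Calling `validate(cookie, transitional=False)` models the later `0.2` behaviour: a three-field cookie is refused before any HMAC work, and a tokenised cookie also fails once its session row is gone.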