Users having to log in with Patreon constantly

I’m not really sure if this is a bug, or simply a feature that hasn’t been coded in the plugin yet.

I’ll describe the issue as best as I can:

  • I log in my website with Patreon on Chrome Browser on my PC (Windows 10 Pro 64-bit)
  • It gives me the expected page where I have to allow to view profile/email address, and I click on Allow.
  • I can access everything just fine— so far so good.
    Here’s where the issue comes in:
  • I exit Chrome, as one would when they’re about to turn off their computer, or something.
  • I re-open Chrome, navigate to my website and am no longer logged in. I have to go through the authentication process again. This issue is instant.

The moment I exit Chrome, it doesn’t save me as logged in anymore. This is also an issue on Firefox Browser, as well. A few of my users have also pointed this out to me.

Do you have any idea why this could be?

There’s no cookie left identifying them as a particular user, most likely. I don’t know enough about your wesbite and how you handle user authentication to say for certain though.

This is generalized because I don’t know enough about your setup, but: when they log in initially your website stores this in the session cache on the server. So long as that client remains actively connected, your server will maintain a copy of the session locally. Generally, this is done with a cookie that is placed on the user machine that has some unique identifier in it that is sent along with every user request.

I don’t know the exact time it happens, but when you close the browser, the browser will go through the cookies it has stored and clear out any that are expired or don’t meet any conditions requiring them to be kept–some people configure their browsers to dump all on close. Without this cookie to transmit on the next request to your website, your server will see that request as a new, unique user.

I am not aware of any Patreon provided code that would handle generating a cookie on your server.

This may be related to the session setting at your webserver (PHP) or WP setup. Basically your sessions seem to last as long as your browser’s session lifetime. You may need to check your PHP settings at the host or any WP plugin that changes sessions settings, if you have one.

Also - if you set your browser to ‘do not track’ etc, it may cause this behavior.

I think I found the issue. It was in patreon_login.php

wp_set_auth_cookie( $user->ID );

I added 2 arguments to it
wp_set_auth_cookie( $user->ID, true, session_id() );

Now patreon accounts are not instantly logged out. Does this negatively impact anything? I figure patreon_login.php has nothing to do with checking users against their Patreon IDs to confirm they’re still subscribed, and so am not in danger of having people sub once and never again.

Let me know if this is not the case. Thank you.

2 Likes

Yeah that would only affect the actual session of the user within that session’s duration, no problem.

I need to look into it and do some tests to see if the change you made would affect anything. But for now it should be ok.

1 Like