WordPress/two-factor

Add error message for nonce check failures

mboynes opened this issue · 1 comments

When a nonce check fails, the user is quietly redirected to the site's homepage.

I encountered this situation with a shared account used by a development team, which I recognize is abnormal usage. If two users signed in at roughly the same time, one would end up not signed in and get redirected to the homepage (which in this case was actually a different domain from the WordPress admin, as "home url" and "site url" are different). It would have been more helpful in diagnosing what was happening if the nonce check failure redirected one user back to the login form with an informative error message.

Indeed, it would be useful to display an error for a failed nonce validation. It could happen for legitimate reasons when the login page is open for long. I'm not sure how easy it would be to implement considering how inconsistent the state management is during the WP login flow.
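One way the behaviour proposed in this thread could look, as an added example that is not code from the two-factor plugin or from either commenter: a login-flow step whose nonce check, on failure, sends the user back to the login form with a message shown through the core `login_message` filter instead of a silent redirect to `home_url()`. The action name `two_factor_example_validate`, the nonce action `two_factor_example_nonce` and the `tfe_` helpers are placeholders assumed for the example, not the plugin's real identifiers.

```php
<?php
/**
 * Added example (not two-factor plugin code). Hooks a hypothetical
 * login-flow step and reports a failed nonce check to the user instead
 * of silently redirecting them to home_url().
 */

// wp-login.php fires login_form_{$action} for any ?action= value, so this
// runs for wp-login.php?action=two_factor_example_validate (placeholder name).
add_action( 'login_form_two_factor_example_validate', 'tfe_validate_step' );

function tfe_validate_step() {
    $nonce = isset( $_POST['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) )
        : '';

    // wp_verify_nonce() returns false both for a forged nonce and for one
    // that has simply aged out (nonces are valid for 12 to 24 hours by
    // default), so the "login page open for long" case lands here too.
    if ( ! wp_verify_nonce( $nonce, 'two_factor_example_nonce' ) ) {
        // The silent variant described in the issue would be:
        //   wp_safe_redirect( home_url() ); exit;
        // Going back to wp_login_url() keeps the user on the admin domain
        // even when home_url() and site_url() differ, and carries a reason
        // the form can display.
        wp_safe_redirect( add_query_arg( 'tfe_error', 'nonce', wp_login_url() ) );
        exit;
    }

    // Nonce verified: continue with the real validation for this step.
}

// Show the reason above the login form. login_message is a core filter
// applied by wp-login.php when it renders the form.
add_filter( 'login_message', 'tfe_login_message' );

function tfe_login_message( $message ) {
    if ( isset( $_GET['tfe_error'] ) && 'nonce' === sanitize_key( $_GET['tfe_error'] ) ) {
        $message .= '<div id="login_error">'
            . esc_html__( 'Your login session expired or the request could not be verified. Please sign in again.', 'tfe' )
            . '</div>';
    }
    return $message;
}
```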