Automattic
Some users asked to log in again to post a comment
Impacted plugin
Jetpack
Quick summary
When some users try to post a comment, they are required to log in again to post it, even though they are already logged in.
Are you [User Name]? You are being asked to login because [user email] is used by an account you are not logged into now. By logging in you'll post the following comment to [Site Name]: [Comment text]
Steps to reproduce
- Log in as one of the affected users.
- Go to a blog (owned by the same user or another).
- Open a post and try to post a comment.
- See issue.
A clear and concise description of what you expected to happen.
Since the user is already logged in, the comment should be posted.
What actually happened
User is presented with a login screen, asking them to log in again.
Impact
Some (< 50%)
Available workarounds?
Yes, easy to implement
If the above answer is "Yes...", outline the workaround.
Workaround: enter login credentials to log in again.
Platform (Simple and/or Atomic)
Simple
Logs or notes
Context:
8655370-zen 8680786-zen
Support References
This comment is automatically generated. Please do not edit it.
- [ ] 8655370-zen
- [ ] 8680786-zen
- [ ] 9335305-zen
- [ ] 9414451-zen
- [ ] 9504105-zen
- [ ] 9540508-zen
- [ ] 9811643-zen
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
📌 REPRODUCTION RESULTS
- Tested on Simple – Could Not Replicate / Uncertain
- Tested on Atomic – Could Not Replicate / Uncertain
- Replicable outside of Dotcom – Uncertain
📌 FINDINGS/SCREENSHOTS/VIDEO
- I couldn't replicate this when I tried it a while back either and I can't do so now, but I wanted to point out some things on this interaction(8655370-zen):
I do appreciate your time and suggestions. Before we get into the details, you said you don't see complaints about this from others. I searched the comments on my blog for both "Log In" and "Login" - I found over 150 comments complaining about having to or not being able to log in. I've attached a PDF of the first page of those results. I left my own comments out, even though mine are in response to comments where they didn't use those terms. One comment even says that the person "reached out to the Happiness Engineers and was told she's the only one with the problem..."
As for your suggestions,frankly, I don't have a device on which LastPass isn't installed, and I depend on it to the point that I don't want to remove it. My devices include: Windows Surface running Windows-10 up-to-date Lenovo laptop running Windows-10 up-to-date Apple iPhone SE (latest) iOs 17.6.1 Apple iPad Pro (older) iOs 17.2 Browsers include the latest versions of: Firefox (default on both laptops) Safari (default on iPad) Duck Duck Go (default on iPhone) Chrome (used on both laptops and problems occur there, too) My point , and what you will find echoed in the comments in that PDF, is that we ARE logged in. We see our avatar. We see the notice that says: "You are logged in as (wordpress user)" and still we get forced to log in again, often with the loss of the comment we prepared. Many people simply move on when that happens, so these are comments that are lost. Sometimes, we have to login to Like a post and login again to comment.
📌 ACTIONS
- Triaged
@Automattic/vertex is this something that can be looked into by you in more detail?
@Robertght - Yes, we're (Vertex) currently looking into this issue. I'm having trouble reproducing this issue. Do you have any instructions to reproduce this issue (or increase the odds of running into this issue)?
@agrullon95 I added a video showing the issue to the ticket: 8655370-zd-a8c
@ariel-maidana I have a ticket I want to offer an status update for, so I figured I'd check in to see if there was any news on this issue before sending it 🙂
I'm not able to reproduce the issue exactly like the customer but it looks like a cookie/authentication issue.
As a possible workaround enabling 3rd party cookies (adding an exception) for https://public-api.wordpress.com should probably fix it.
Here is how to add exception for Firefox: https://github.com/user-attachments/assets/f3c113e6-5100-4a2e-bb46-eb730c0fc051
Here is how to do it on Chrome: https://github.com/user-attachments/assets/3f2bb462-3ecc-4dbb-b0f4-e38bb1a95cc8
Depending on the browser privacy configuration the cookies can get rejected when we send api requests. I was able to mitigate similar issues, by adding an exception as in the videos above.
I am reopening this as I do not see a clear resolution. I came across a user with this issue and I was able to replicate it while logged in as the user.
Details covered in here: 9335305-zd-a8c
Also here: p1739513142832499-slack-CDJ9Z349W
It happens intermittently on specific blogs only.
@arcangelini @Automattic/loop, is this something you could take a look at?
From what I recall, this screen is only shown when we feel the user may be a potential risk/spammer.
@escapemanuele it's not entirely clear to me what this issue is proposing.
Team, the user reached out and requested that we shared some messages from frustrated site visitors they got. I know it isn't relevant, but you can find them in their last reply to this ticket: 9414451-zd-a8c
