WordPress DiscourseConnect client - expired nonce

I’m assuming this is happening with logging into WordPress via your Discourse site. If that’s the case, the issue is that the nonce generated by WordPress is expired. This happens on WordPress sites that have Object Caching enabled.

One solution is to disable the Object Cache on any pages that have the “Login With Discourse” link. For this approach, make sure the Object Cache is disabled for anonymous users.

Another solution is outlined here: Wordpress SSO Expired nonce - #15 by simon. The function in that post can be copied exactly as it is into your WordPress theme’s functions.php file.

That function adds a random string to the Login With Discourse URL. The random string triggers WordPress to break the cache and generate a fresh nonce for the user. @angus, this should probably get added to the plugin’s code: wp-discourse/lib/sso-client/sso-client-base.php at main · discourse/wp-discourse · GitHub. There’s no downside to it, and I don’t think there’s another way of dealing with object caching causing stale nonces to be used instead of generating new ones for each visit.

3 Likes
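
A simplified model of the failure described in the post above, added here as an illustration and not taken from the post, the linked function or the wp-discourse plugin. It assumes a cache keyed by request URL, single-use nonces with a fixed lifetime, and a hypothetical login URL; the TTL values and the `cb` parameter name are constructed.

```python
import secrets

NONCE_TTL = 600    # assumed nonce lifetime in seconds (constructed value)
CACHE_TTL = 3600   # assumed cache entry lifetime, longer than the nonce's


class Site:
    """Toy model of a site that issues SSO nonces behind a URL-keyed cache."""

    def __init__(self):
        self.now = 0
        self.nonces = {}  # nonce -> expiry time
        self.cache = {}   # request URL -> (cached nonce, cache expiry)

    def start_login(self, url):
        """Handle a click on the login link; return the nonce sent to the provider."""
        hit = self.cache.get(url)
        if hit and hit[1] > self.now:
            return hit[0]  # cached response: the old nonce is handed out again
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = self.now + NONCE_TTL
        self.cache[url] = (nonce, self.now + CACHE_TTL)
        return nonce

    def finish_login(self, nonce):
        """Validate the nonce that comes back; each nonce is accepted once."""
        expiry = self.nonces.pop(nonce, None)
        return expiry is not None and expiry > self.now


def login_url(cache_bust):
    base = "/?discourse_sso=1"  # hypothetical login URL
    # The random suffix makes every request URL a distinct cache key.
    return f"{base}&cb={secrets.token_hex(4)}" if cache_bust else base


def simulate(cache_bust):
    """Two visitors log in 15 minutes apart; return whether each login succeeds."""
    site = Site()
    results = []
    for t in (0, 900):
        site.now = t
        nonce = site.start_login(login_url(cache_bust))
        site.now = t + 5  # provider round trip
        results.append(site.finish_login(nonce))
    return results
```

Without the random suffix the second visitor is served the first visitor's nonce from the cache and the login is rejected; with it, every click misses the cache and receives a fresh nonce.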