[pdp8user]

I’ve tracked the cause of the issue.
It’s not a Simple Membership problem, it’s Safari.

Safari (v11.0) is not honouring the autocomplete="off" attribute of the form fields.
It doesn’t honour it if you put it on the entire form, either.

Not only that, for some twisted reason it fills the field that has id="email" with the value it has previously gathered from the swpm-login-form field swpm_user_name. (Maybe the assumption is that the field preceding the password one must be the user-id field?)

So, if you log in with your email address, the form gets the right value in the email field. If you log in with your username, it gets the wrong one. Furthermore, it always adds a value to the first password field, even though the user may not want to change the password on this occasion.

My apologies for causing any concern.

Brian

[pdp8user]

I didn’t think to mention in my previous post: prior to about Aug 22 of this year (3.5.6?), this issue (or something very similar) was occurring on Firefox as well as Safari. At that stage my MacOS users could only update their profiles using Chrome. It was resolved with an update on Firefox at that time, which is why I thought it was a reversion when I saw it again today.

Please accept my apologies if that assumption caused you any problems.

Further, I’ve also verified that the issue occurs even after I’ve disabled all plugins except Simple Membership, reverted to the TwentySeventeen theme and completely cleared my browser cache.

Regards
Brian

[pdp8user]

Thank you for that.

I’ve looked into the issue further, and it isn’t what I thought at first.
The problem seems to be browser dependent, and what I thought was a reversion is in fact a different behaviour between different browsers.

In particular, I can only get it to fail on Safari (on Mac & iOS – I don’t have access to Safari on Windows). It behaves correctly on a range of other browsers and platforms.

When I load the profile page on Safari (…/membership-login/membership-profile/), the page initially loads with the correct information in the pre-filled form fields. Then, at what looks like the “page loaded” time point, it overwrites the correct content of the email field with the member’s username and writes something also into the first of the password fields. That password field should in fact remain empty. (The actual content of the password field is, of course, not visible but it is the same length as the current password.)

Regards
Brian

[pdp8user]

See my response to another issue on this topic:
https://simple-membership-plugin.com/forums/topic/loginout-anomaly/page/2/#post-12122
Brian

[pdp8user]

Many of the issues above relate to the fact that there is a difference between WordPress user sessions and Simple Membership member sessions. Whey you log in to Simple Membership, it logs you into WordPress, and when you log out of Simple Membership, it logs you out of WordPress. But WordPress doesn’t know about Simple Membership sessions, so an automatic logout from WordPress doesn’t log you out of Simple Membership.

WordPress itself logs users out after a period of time or after the browser is closed. When WordPress logs a user out, Simple Membership doesn’t get notified, so when a member returns to the site, Simple Membership thinks they are logged in but WordPress thinks they are logged out.

There are plugins that allow you to control the WP behaviour – either to extend the duration of the login or to specify a shorter time (and even to warn a user that they are about to be logged out, like a banking site). But I haven’t seen anything that synchronises WordPress user logins with Simple Membership member logins.

To get round the problem for myself, I’ve added this small bit of code to my theme’s functions.php file:

add_action( 'wp_loaded', 'bwm_synchronise_wp_swpm_logins' );
function bwm_synchronise_wp_swpm_logins( ) {
	if (!is_user_logged_in()){ /* WP user logged out */
		if(SwpmMemberUtils::is_member_logged_in()) { /* logged in. log them out. */
			wp_logout();
		}
	}
}

[Author]

Posts