[Vizworld]

Ok.. I’m not 100% on this, but it seems the cookie hashing algorithm changed in WP2.8 .

In WP2.7, in wp-includes/pluggable.php (line 512)

if ( $expired < time() ) {

do_action('auth_cookie_expired', $cookie_elements);

return false;

}

$key = wp_hash($username . ‘|’ . $expiration, $scheme);

$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);

and in 2.8:

// Quick check to see if an honest cookie has expired

if ( $expired < time() ) {

do_action('auth_cookie_expired', $cookie_elements);

return false;

}

$user = get_userdatabylogin($username);

if ( ! $user ) {

do_action(‘auth_cookie_bad_username’, $cookie_elements);

return false;

}

$pass_frag = substr($user->user_pass, 8, 4);

$key = wp_hash($username . $pass_frag . ‘|’ . $expiration, $scheme);

$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);

So, in 2.8 the hash is salted with 4 character’s of the USer’s password. The “freshly_baked_cookies” plugin hasn’t been upgraded to match this change, so it always fails to match the hashed cookies.

Unfortunateyl,the get_userdatabylogin function doesn’t seem to exist in bbpress…..