ObjectiveSubject / ccl

Rooms: nonce check failing for logged in users on production site #45

Open kpettinga opened 6 years ago

kpettinga commented 6 years ago

@davekellam I think you might have fixed this with the conditional that checks if the user is logged in?

If so, can you close?

davekellam commented 6 years ago

I don't think the conditional check did anything. When you try to pull up the room booking modal while logged in, no reservation slots appear because it's getting a 403 response from admin-ajax (unless it's only happening to me).

It may involve contacting WPE support and seeing if they've run into this problem before. It definitely works fine in both logged in and non-logged in states locally. I'm assuming it has something to do with caching... perhaps they route logged-in users through a different machine/system, so nonces aren't matching up.

davekellam commented 6 years ago

I've tried a few other things, but no real success. At this point, we can't do too much more. This works for me locally and on our testing server, in both logged in and logged out states (including non-admin accounts). It is failing on WPE, likely due to caching/configuration. We don't have access to WPE dashboard (for support and logs) and/or the SFTP info (for logs), so we can't take any action in terms of diagnosing what's happening on the production server.

So, given our lack of access, we can:

1) Leave it as is (doesn't display/work for administrators).
2) Remove the nonce check (works for everyone, might potentially be less secure).
3) Have someone with access contact WPE support and see if they have any thoughts or recommendations.

What course of action should we take here?

davekellam commented 6 years ago

@gabrielo-cuc ^^

davekellam commented 6 years ago

Update here: it's not specific to WPE, it's definitely happening locally for me (although sometimes it works after I've previously been logged out). I'm going to reach out to some people and see if they've got any ideas.

davekellam commented 6 years ago

Think I had some old testing code in when I wrote that comment. Everything seems to be fine again locally for both logged-in and logged-out users. So back to thinking it's a WPE issue of some sort. Probably time to get in touch with support there and see if they've encountered the problem before.