Hi. I’m used to have local bookmarks for frequent used sites including admin panel for them, but each time when I try to enter into /wp-admin/ from bookmarks, CP forcibly log me out and demands log in. How can I fix it?
When I’m already logged in into admin panel and enter from bookmarks or links I want to be able to see admin panel normaly as the obvious behavior 
The way CP knows you’re logged in is by setting a couple of cookies. By default these expire after somewhere between 12 and 24 hours. So that’s why you get logged out.
You can change the default behavior by using a filter, as explained here: How to increase the WordPress login session duration
It’s not about cookies,
I log in to admin panel, next (less than few seconds passed) open the link from bookmarks or links, and CP immediately redirects me to login screen, it does not matter which URL I will use, dashboard or any other inside the admin panel.
If I would paste the URL directly to the address bar in browser everything looks normal and I can access admin panel (of course not after beeing logged out by the above mechanism).
It looks like a CSRF prevention or something like that, I tried to dig into the code but no ideas so far.
It’s very irritating especially, if you use other screens (like external interface) to open the edit page for particular posts…
It is about cookies, as I have just explained. Here’s an article with some suggestions: How to Fix the "WordPress Keeps Logging Me Out" Issue (7 Methods)
I believe it’s not about the cookies,
the logout action is processing exactly because I used a link, if I would copy and paste URL adress it will let me enter without any problem.
I can confirm this issue.
I am using the ‘Remember Me Controls’ plugin to extend login cookies to their maximum ( 100 years ).
As my site is hosted on Tor I push a feed to Mastodon - mwaters site bot (@[email protected]) - Mastodon
I have my site open in a number of tabs yet if I click on a link via the mastodon site or in my RSS reader I am sent to the site login page rather than the actual post.
My wife’s site is setup exactly the same way and does the same too.
Her site was a clean ClassicPress install whereas mine is a WordPress conversion.
HTH.
Mark.
Here’s Perplexity’s explanation which, as you will, explains that its an issue of cookies:
When you try to access a WordPress admin page (such as /wp-admin) from a browser bookmark, and you are redirected to the login page, it is normal and expected WordPress behavior. Here’s why:
Session-Based Authentication: Accessing admin pages requires a valid, active login session. WordPress stores your authentication in cookies. If these cookies are missing (e.g., after you close your browser, clear cookies, or your session expires), you’re no longer authenticated.
Security Design: If you access a protected page and aren’t logged in, WordPress automatically redirects you to the login page. After logging in, it tries to send you back to the page you originally requested
Bookmarks vs. Session: Saving an admin page as a bookmark only stores the URL—not your session. You must be logged in and have a valid authentication cookie for direct access.
“Remember Me” Option: If you select “Remember Me” on the login form, WordPress keeps you logged in longer (by setting a longer-lasting cookie), which may reduce how often you are redirected. If not checked—or after session expiration—the redirect to login will occur as soon as you’re unauthenticated
Extra Redirects: If your login session has expired, or you try to access the admin with a different browser/device, you will always be sent to the login page until you log in again.
In summary:
Accessing an admin page from a bookmark requires an active login session. If you don’t have one, WordPress redirects you to the login page for your security. This is standard, expected behavior for all user accounts with admin/dashboard access.
Of course I have active session in admin panel.
I tried to explain it since from begining, is my English so poor that it’s not obvious?
Of course I would not expect system to allow me to enter into admin screen without autorization, how could you even think that way?
what Tim is saying is that THE BOOKMARK does NOT save cookies so when you click it your session is not active any more. A link can instead save cookies…. a bookmark and a link ARE NOT the same thing in terms of cookies.
With tabs already open in my Firefox browser in the admin pages.
Exactly the same URL , one stored in the browser which works as expected , one stored in a web page which doesn’t.
This is not the same behaviour as WordPress.
I have tried to reproduce in FireFox 141.0.2 on MacOS.
I opened a browser ab for a ClassicPress site of mine and logged in, the admin menu bar was visible on the sites front pages to show I was logged in.
In another tab I opened my sites main URL from a bookmark, menu bar still present indicating I’m logged in.
In a third tab I opened the site from a frequently visited shortcut in the browser new tab screen, the menu bar was still visible.
Anything I’m missing? Seems to be working for me which would indicate a browser cache issue maybe.
there is something that is missing yes. @jujist is saying that when they log in and use the site, then try to use the bookmark after some time (apparently after session cookie expiration) they find themselves logged off as it should be since session expired.
fact is they are not understanding that the cookie that is set when they login has an expiration date, when reached expiration the cookie is deleted. this means that logging in today and wanting to use the bookmark after cookie expired won’t work.
setting the remind me flag when logging in only helps a little because it sets a longer session cookie duration but eventually you have to log in all the same at a certain point.
fact is having an user session cookie active forever is a very big security no-no. It might endanger the site. this is why it was set to expire and log off in the first place
I’ve installed Brave and this operates as expected , so it must be an issue with Firefox or one of the plugins I am using.
Thanks for testing @MattyRob
@ElisabettaCarrara many times I tried to describe I use bookmark link just after login in, not a days, just few seconds, the session has not expired for sure.
I tried it on Brave and Vivaldi (using localhost, and actually apache virtualhost), I will come back if I will have something new in this area.
now, FF has settings to DELETE all cookies as soon as you leave a site or change tabs somewhere. I think you can find the advanced cookie settings and set them according to your needs. I have done that some time ago in the past for my FF account (I use it with an account to keep it in sync with FF mobile) and now it works like all other browsers.
it’s the browser, not CP.
As I tried to explain since from the begining, it’s not related to cookies at all.
It depends from the way I use to open the /wp-admin/ at the moment (having active session of course):
still until now my only assumption is about browser “REFERER” and CSRF protection.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.