WordPress 2.8 might break login compatibility (again)
Remember how they changed the login cookie in WordPress 2.5 ?
Then they realized they got the security model wrong so they changed it again in 2.6 causing more backward compatibility problems. (then they finally added HttpOnly in 2.7)
So since it’s all working/stable now, guess what, they are tampering with it again:
This time they are not changing or adding cookies, that would be “too easy” to work around, they are changing the action hooks which will of course make any existing plugins that rely on the hooks to replace, modify or supplement the authentication stop working.
Hopefully it will all stay inside of pluggable.php so that we can fairly easily roll it back to the 2.6 or even 2.5 system as desired with replacement functions.
I am particularly sensitive to this kind of change because of how it typically breaks bbPress integration. This could also affect WPMU and BuddyPress. Hopefully since they shouldn’t be changing the cookie format, in theory we shouldn’t have to change anything but things rarely work out that easy in real-life.
(By the way my OpenID plugin for bbPress has half the complexity of the WordPress solution and does not require any special apache/php modules to function – it could be ported to WordPress fairly easily if anyone wanted to – except of course, you might have to change it again for WP 2.8)