Bug report
For traces collected from a WordPress environment with the new WordPress integration enabled, unauthenticated users are recorded as usr.id 0.
This bit of code specifically seems to be the issue - wp_get_current_user() will return a user in all cases, but the user ID is 0 if the user's not logged in. This should check to see if the user ID is not 0 and only call set_user if so:
https://github.com/DataDog/dd-trace-php/blob/master/src/Integrations/Integrations/WordPress/V2/WordPressIntegrationLoader.php#L283
This behaviour by default can lead to exciting but unexpected problems with ASM - specifically, that any rules which block users will block all unauthenticated users the second an unauthenticated user triggers such a rule.
If a user is not authenticated, usr.id should not be set.
PHP version
8.2.7
Tracer or profiler version
0.95.0
Installed extensions
No response
Output of phpinfo()
No response
Upgrading from
No response
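The failure mode described in this report, as an added example that is not part of the issue and is not dd-trace-php or WordPress code. `StubUser`, `tagsUnguarded`, `tagsGuarded` and `isBlocked` are hypothetical stand-ins, and the blocklist is a simplified model of a user-blocking rule keyed on usr.id.

```php
<?php
// Added illustration; not dd-trace-php or WordPress code.
// StubUser is a constructed stand-in for the object wp_get_current_user()
// returns: per the report, an object always comes back and ID is 0 when
// nobody is logged in.
final class StubUser
{
    public function __construct(public int $ID, public string $login = '') {}
}

// Behaviour described in the report: usr.id is set for every request.
function tagsUnguarded(StubUser $user): array
{
    return ['usr.id' => (string) $user->ID];
}

// Behaviour the report asks for: no usr.id unless the user is authenticated.
function tagsGuarded(StubUser $user): array
{
    return $user->ID !== 0 ? ['usr.id' => (string) $user->ID] : [];
}

// Hypothetical user-blocking check keyed on the recorded usr.id.
function isBlocked(array $tags, array $blockedIds): bool
{
    return isset($tags['usr.id']) && in_array($tags['usr.id'], $blockedIds, true);
}

// Constructed requests: two anonymous visitors and one logged-in user.
$requests = [
    'anon-A' => new StubUser(0),
    'anon-B' => new StubUser(0),
    'alice'  => new StubUser(42, 'alice'),
];

foreach (['tagsUnguarded', 'tagsGuarded'] as $tagger) {
    $blockedIds = [];
    // anon-A trips a rule that blocks "the user": whatever usr.id was
    // recorded for that request ends up on the blocklist.
    $tags = $tagger($requests['anon-A']);
    if (isset($tags['usr.id'])) {
        $blockedIds[] = $tags['usr.id'];
    }
    // Replay every request against the resulting blocklist.
    foreach ($requests as $name => $user) {
        $verdict = isBlocked($tagger($user), $blockedIds) ? 'BLOCKED' : 'allowed';
        printf("%-14s %-7s %s\n", $tagger, $name, $verdict);
    }
}
```

With the unguarded tagger the blocklist entry created for one anonymous visitor also matches the other anonymous visitor; with the guard, anonymous requests carry no usr.id and nothing is blocklisted.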