Title: WordPress cookie issue blocking app development – wordpress_sec Last modified: July 24, 2023 --- # WordPress cookie issue blocking app development – wordpress_sec * [seriusprime](https://wordpress.org/support/users/seriusprime/) * (@seriusprime) * [2 years, 10 months ago](https://wordpress.org/support/topic/wordpress-cookie-issue-blocking-app-development-wordpress_sec/) * Hello, * We are trying to have an app made that logs into our website. We have an issue where the login is not working for admin members and the AppMySite people have said its due to the following: * WordPress does not set any cookie in the form “wordpress_sec_[hash]”. WordPress specifically uses “wordpress_[hash] and wordpress_logged_in_[hash]”, plus a test cookie. Any cookies apart from these are not supported in our app because this is not a standard practice by WordPress. * They say the cookie is being put there by a security plugin or something. I have checked online and it seems this cookie is pretty standard and I cant find any references to it being the result of a plugin. Can anyone shed some light on this, is it a standard WP cookie that is not mentioned in their documentation, or is there a way I can disable its usage so the app can work. I really appreciate your time. Viewing 3 replies - 1 through 3 (of 3 total) * [George Appiah](https://wordpress.org/support/users/gappiah/) * (@gappiah) * [2 years, 10 months ago](https://wordpress.org/support/topic/wordpress-cookie-issue-blocking-app-development-wordpress_sec/#post-16916904) * > I have checked online and it seems this cookie is pretty standard * Any reference for this? * To the best of my knowledge (and as per the [official documentation](https://wordpress.org/documentation/article/cookies/)), WordPress doesn’t set any such cookies. * So I’m curious to know what reference you have that says this is a “standard” cookie set by WordPress itself. * [George Appiah](https://wordpress.org/support/users/gappiah/) * (@gappiah) * [2 years, 10 months ago](https://wordpress.org/support/topic/wordpress-cookie-issue-blocking-app-development-wordpress_sec/#post-16917018) * **An update: I was wrong 😀** * I just set up a brand new site just to test this for you — WordPress version 6.2.2, default Twenty Twenty-Three theme, and NO plugin installed. So as pure vanilla WordPress as can be. * And, indeed, there’s a `wordpress_sec_[hash]` cookie set, but only in the admin dashboard (ie `/wp-admin/` path). The front-end doesn’t have this cookie. * Please see the screenshots below: the first is the back-end (dashboard), the second is the front-end (ie public website). * So the statement… _**“Any cookies apart from these… is not a standard practice by WordPress”**_ is here proven to be not true. * There’s obviously a reason WordPress sets this cookie, so the solution to your problem is NOT to stop WordPress from setting the cookie, but to get your **AppMySite** folks to understand and accept that this is a default WordPress cookie — a “standard practice” as they call it — and fix their obviously broken app. * Good luck! * ![](https://i0.wp.com/i.snipboard.io/v13IQV.jpg?ssl=1) * ![](https://i0.wp.com/i.snipboard.io/pJk97K.jpg?ssl=1) * Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/) * (@bcworkz) * [2 years, 10 months ago](https://wordpress.org/support/topic/wordpress-cookie-issue-blocking-app-development-wordpress_sec/#post-16919413) * FWIW, the wordpress_sec_[hash] auth cookie name is only used over HTTPS protocol. When over plain HTTP the auth cookie name is wordpress_[hash]. * I’m unclear on what use this cookie is to an external app. There’s no way I know of to validate the hashed value from outside to ensure it’s valid. * Generally speaking external apps should interface with WP via the REST API. There are a number of ways an app can be authenticated for the API. I recommend using Application Passwords. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WordPress cookie issue blocking app development – wordpress_sec’ is closed to new replies. ## Tags * [cookies](https://wordpress.org/support/topic-tag/cookies/) * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/) * 3 replies * 3 participants * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/wordpress-cookie-issue-blocking-app-development-wordpress_sec/#post-16919413) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics