It’s usual that WordPress stores comment author name and email in the user’s browser cookies, so next time the visitor has to comment, they have their name and email already filled in automatically.
My question is:
Is it possible for WordPress to store a visitor’s comment cookies on two computers at different locations, but probably using the same ISP?
I’m asking this because I’ve seen someone else’s name and email address stored in the comment form of a WordPress powered blog I was reading. My computer is password protected and nobody used it except me. And this happened not once, not twice but many times (every time a random unknown name and email). Even I’ve seen a “Your comment is waiting moderation” message.
And since I believed every browser maintains it’s cookies for its own, this behavior is strange to me.
__
EDIT:
Property Value
Name comment_author_b4f88879dbf70af24980db38c9197684
Value Emma
Host example.tld
Path /
Expires Fri, 20 Dec 2013 12:56:16 GMT
Secure No
HttpOnly No
Name comment_author_email_b4f88879dbf70af24980db38c9197684
Value email%40server.co.uk
Host example.tld
Path /
Expires Fri, 20 Dec 2013 12:56:16 GMT
Secure No
HttpOnly No
1 Answer
The cookies are fine.
The secret is caching. The blog owner has set up a server side output caching that doesn’t stop when someone sends as cookie. It should – as you can see, because caching pages with personal data is … odd.
Lesson: Don’t cache personalized output.