2 min read 2 wks ago

Cookie Check Failure

If you encounter a “Cookie Check Failure,” it may not directly relate to the plugin itself. The issue could stem from cache or optimization plugins potentially interfering with your session and nonce values. You can refer to the documentation provided here for guidance on resolving this issue.

If after performing the steps from the above documentation you still experience this issue, you can look into these other solutions, but it shouldn’t be needed.

Bypass the Nonce check

This is not recommended for security purposes, but you can always bypass this check by using the following filters.

First, you need to bypass the cookie authentication. This is not at the plugin level; it is general, so we check the request URI and see if it is a chat submission. If so, we bypass the auth process.

  add_filter( 'rest_authentication_errors', function ( $result ) {
    if ( ! empty( $result ) ) {
        return $result;
    }

    $uri = $_SERVER['REQUEST_URI'] ?? '';

    if ( strpos( $uri, '/wp-json/mwai-ui/v1/chats/submit' ) !== false ) {
        return true; // bypass cookie auth for this route
    }

    return $result;
}, 99 );

If you only bypass the cookie auth, you will no longer get a “Cookie check failed” error, but you will encounter a new error: “Sorry, you are not allowed to do that.” This happens because the session is terminated; even if the cookie authentication is bypassed, the authorization to query the AI Engine REST route is still blocked. To unlock it, you can use the following filter:

add_filter( 'mwai_rest_authorized', function($rest_nonce, $request) {
    return true;
}, 10, 2);

This will always return true, so the check should never fail. Of course, this filter is not only for the submit, so instead of simply returning true, you can add your own conditions based on the current $request value.

Your session has expired

WordPress nonces are valid for 12-24 hours and use a “tick” system where each tick is 12 hours. Cache/CDN is likely caching pages with old nonces, causing authentication failures.

Here are some steps you ca take:

Exclude AI Engine Endpoints from Caching

Add these endpoints to your Cache exclusions:

  • /wp-json/mwai/v1/*
  • /wp-json/mwai-ui/v1/*

Specifically exclude these critical endpoints:

  • /wp-json/mwai/v1/start_session
  • /wp-json/mwai-ui/v1/chats/submit
  • /wp-json/mwai*

Add these to your cache exclusions:

Cookies to exclude:

  • mwai_session_id
  • Any cookies containing _wpnonce
  • WordPress authentication cookies: wordpress_*, wp_*

URL Parameters to exclude:

  • restNonce
  • _wpnonce
  • X-WP-Nonce