WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/18/2014 09:12:05 AM (6 years ago)
Author:
nacin
Message:

Tie cookies and nonces to user sessions so they may be invalidated upon logout.

Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-settings.php

    r29044 r29221  
    120120require( ABSPATH . WPINC . '/template.php' );
    121121require( ABSPATH . WPINC . '/user.php' );
     122require( ABSPATH . WPINC . '/session.php' );
    122123require( ABSPATH . WPINC . '/meta.php' );
    123124require( ABSPATH . WPINC . '/general-template.php' );
Note: See TracChangeset for help on using the changeset viewer.