WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #19821, comment 2


Ignore:
Timestamp:
06/19/12 17:19:23 (3 years ago)
Author:
sirzooro
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #19821, comment 2

    initial v1  
    332. User 2 tries to guess password for user 1. This WP instance has the User Locker plugin installed, so account will be locked after few invalid attempts;[[BR]] 
    443. User 1 loads some WP page. At this moment his account is already locked, so it will be good to invalidate authentication cookie and force logout. 
     5 
     6I can think of case when multiple plugins may want to hook into cookie authentication process - other plugins beside User Locker may check user status in external registry like LDAP, check if IP or User Agent has changed since last request, check date/time (user may have specified hours when he may log in), etc. Without this extra filter only one plugin is able to hook into this by replacing `wp_validate_auth_cookie()` pluggable function.