Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #19821, comment 2


Ignore:
Timestamp:
06/19/2012 05:19:23 PM (12 years ago)
Author:
sirzooro
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #19821, comment 2

    initial v1  
    332. User 2 tries to guess password for user 1. This WP instance has the User Locker plugin installed, so account will be locked after few invalid attempts;[[BR]]
    443. User 1 loads some WP page. At this moment his account is already locked, so it will be good to invalidate authentication cookie and force logout.
     5
     6I can think of case when multiple plugins may want to hook into cookie authentication process - other plugins beside User Locker may check user status in external registry like LDAP, check if IP or User Agent has changed since last request, check date/time (user may have specified hours when he may log in), etc. Without this extra filter only one plugin is able to hook into this by replacing `wp_validate_auth_cookie()` pluggable function.