Changes between Initial Version and Version 1 of Ticket #19821, comment 2
- Timestamp:
- 06/19/2012 05:19:23 PM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #19821, comment 2
initial v1 3 3 2. User 2 tries to guess password for user 1. This WP instance has the User Locker plugin installed, so account will be locked after few invalid attempts;[[BR]] 4 4 3. User 1 loads some WP page. At this moment his account is already locked, so it will be good to invalidate authentication cookie and force logout. 5 6 I can think of case when multiple plugins may want to hook into cookie authentication process - other plugins beside User Locker may check user status in external registry like LDAP, check if IP or User Agent has changed since last request, check date/time (user may have specified hours when he may log in), etc. Without this extra filter only one plugin is able to hook into this by replacing `wp_validate_auth_cookie()` pluggable function.