Make WordPress Core

Opened 7 years ago

Closed 6 years ago

#30247 closed defect (bug) (fixed)

Cannot manually set token for wp_set_auth_cookie

Reported by: rmccue Owned by: rmccue
Milestone: 4.3 Priority: low
Severity: normal Version: 4.0
Component: Login and Registration Keywords: has-patch
Focuses: Cc:


While the underlying wp_generate_auth_cookie accepts passing in a token rather than generating one, wp_set_auth_cookie does not.

This is problematic if developing an SSO plugin, as you'll end up with different tokens for the differing cookie domains (unless you reimplement wp_set_auth_cookie). Being able to pass the token in when calling would allow cookies to be invalidated automatically across all cookie domains on logout.

Attachments (1)

30247.diff (1.2 KB) - added by rmccue 7 years ago.

Download all attachments as: .zip

Change History (8)

#1 @rmccue
7 years ago

Note: it would be trivial to workaround this if WP_Session_Manager::create wasn't final :)

#2 @johnbillion
7 years ago

  • Keywords needs-patch added


7 years ago

#3 @rmccue
7 years ago

  • Keywords has-patch added; needs-patch removed
  • Milestone changed from Awaiting Review to Future Release
  • Owner set to rmccue
  • Status changed from new to assigned

Added patch.

Note that this does change a pluggable function, but changing wp_generate_auth_cookie did the same, so I'm not overly concerned about this.

This ticket was mentioned in Slack in #core-multisite by rmccue. View the logs.

6 years ago

This ticket was mentioned in Slack in #core by sofiarose. View the logs.

6 years ago

#6 @johnbillion
6 years ago

  • Milestone changed from Future Release to 4.3

#7 @johnbillion
6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in r32465

Note: See TracTickets for help on using tickets.