WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 3 weeks ago

#35488 reviewing defect (bug)

wp_logout() not working as it should

Reported by: sebastian.pisula Owned by: SergeyBiryukov
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

I have test:

<?php

include 'wp-load.php';

echo 'content for guest<br />';

if ( is_user_logged_in() ) {
        echo 'content for user logged in<br />';
} else {
        echo 'content for user logged in - go to login form<br />';
}

wp_logout();

echo 'content for guest<br />';

if ( is_user_logged_in() ) {
        echo 'content for user logged in';
} else {
        echo 'content for user logged in - go to login form<br />';
}

Output should be:

content for user logged in
content for user logged in - go to login form

but output is:

content for user logged in
content for user logged in

I think that this is bug.

Attachments (2)

35488.patch (506 bytes) - added by sebastian.pisula 4 years ago.
35488.1.diff (946 bytes) - added by donmhico 3 weeks ago.
Refresh the patch and added a unit test.

Download all attachments as: .zip

Change History (8)

#1 follow-up: @ocean90
4 years ago

It's actually the same behaviour as with wp_signon(), see #28116.

#2 in reply to: ↑ 1 @sebastian.pisula
4 years ago

Replying to ocean90:

It's actually the same behaviour as with wp_signon(), see #28116.

this is bug ? :)

#3 @johnbillion
4 years ago

Note that logging a user out after output has started is not possible because cookies cannot be set after the headers have been sent.

#5 @roytanck
7 months ago

  • Status changed from new to reopened

Bumped into this in a project today, and have taken the liberty of reopening the ticket.

I'm writing a plugin that automatically logs a user out after a certain period of inactivity. To do this, I'm hooking into "admin_init", and if the user has been inactive for x minutes, I call wp_logout(). For this to work properly, all code running after "admin_init" should run as if the user is not logged in. Among other things, this will trigger the login modal in wp-admin.

Considering that I just explicitly logged out the user, is_user_logged_in() especially should return false. Other functions that are affected are get_current_user() and wp_auth_check().

Sebastian.pisula's patch works flawlessly for me on 5.0.3. It makes wp_logout() do what the function's name and description suggest.

Please consider accepting this patch.

#6 @SergeyBiryukov
5 months ago

  • Milestone set to 5.3
  • Owner set to SergeyBiryukov
  • Status changed from reopened to reviewing

@donmhico
3 weeks ago

Refresh the patch and added a unit test.

#7 @donmhico
3 weeks ago

  • Keywords has-patch has-unit-tests added
Note: See TracTickets for help on using tickets.