WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 2 months ago

Last modified 3 weeks ago

#35488 closed defect (bug) (fixed)

wp_logout() not working as it should

Reported by: sebastian.pisula Owned by: SergeyBiryukov
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch has-unit-tests
Focuses: Cc:
PR Number:

Description

I have test:

<?php

include 'wp-load.php';

echo 'content for guest<br />';

if ( is_user_logged_in() ) {
        echo 'content for user logged in<br />';
} else {
        echo 'content for user logged in - go to login form<br />';
}

wp_logout();

echo 'content for guest<br />';

if ( is_user_logged_in() ) {
        echo 'content for user logged in';
} else {
        echo 'content for user logged in - go to login form<br />';
}

Output should be:

content for user logged in
content for user logged in - go to login form

but output is:

content for user logged in
content for user logged in

I think that this is bug.

Attachments (2)

35488.patch (506 bytes) - added by sebastian.pisula 4 years ago.
35488.1.diff (946 bytes) - added by donmhico 4 months ago.
Refresh the patch and added a unit test.

Download all attachments as: .zip

Change History (12)

#1 follow-up: @ocean90
4 years ago

It's actually the same behaviour as with wp_signon(), see #28116.

#2 in reply to: ↑ 1 @sebastian.pisula
4 years ago

Replying to ocean90:

It's actually the same behaviour as with wp_signon(), see #28116.

this is bug ? :)

#3 @johnbillion
4 years ago

Note that logging a user out after output has started is not possible because cookies cannot be set after the headers have been sent.

#5 @roytanck
10 months ago

  • Status changed from new to reopened

Bumped into this in a project today, and have taken the liberty of reopening the ticket.

I'm writing a plugin that automatically logs a user out after a certain period of inactivity. To do this, I'm hooking into "admin_init", and if the user has been inactive for x minutes, I call wp_logout(). For this to work properly, all code running after "admin_init" should run as if the user is not logged in. Among other things, this will trigger the login modal in wp-admin.

Considering that I just explicitly logged out the user, is_user_logged_in() especially should return false. Other functions that are affected are get_current_user() and wp_auth_check().

Sebastian.pisula's patch works flawlessly for me on 5.0.3. It makes wp_logout() do what the function's name and description suggest.

Please consider accepting this patch.

#6 @SergeyBiryukov
9 months ago

  • Milestone set to 5.3
  • Owner set to SergeyBiryukov
  • Status changed from reopened to reviewing

@donmhico
4 months ago

Refresh the patch and added a unit test.

#7 @donmhico
4 months ago

  • Keywords has-patch has-unit-tests added

#8 @juliobox
4 months ago

I've just tested with a user in my DB with ID=0, just to be sure it won't load this user using the new patch line: It does not do that, I'm correctly logged out now.

#9 @davidbaumwald
2 months ago

@SergeyBiryukov How do you feel about the most recent patch for 5.3? It applies cleanly to trunk and the new unit test passes.

#10 @SergeyBiryukov
2 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 46467:

Users: Make sure wp_logout() clears current user, so that a subsequent call to is_user_logged_in() works as expected.

Props sebastian.pisula, donmhico, roytanck, juliobox.
Fixes #35488.

#11 @figureone
3 weeks ago

This fix has changed behavior in the wp_logout filter. Prior to WordPress 5.3, plugin developers could use get_current_user_id() inside the hook to get the ID of the user logging out.
https://github.com/WordPress/WordPress/blob/master/wp-includes/pluggable.php#L566-L582

For example, in a plugin that links external authentication services (like Google, LDAP, CAS) we use it to log the user out of their external account.

Maybe we can add a pre_wp_logout hook at the beginning of the wp_logout() function for cases where we need to refer to the logging out user?

Note: See TracTickets for help on using tickets.