WordPress.org

Make WordPress Core

Opened 18 months ago

Last modified 18 months ago

#39385 new defect (bug)

Set $current_user global in wp_signon() after successful authentication

Reported by: fjarrett Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: needs-patch close
Focuses: Cc:

Description

The $current_user global should be set after successful authentication inside wp_signon() instead of waiting for the next load of WordPress.

Although the $user_login string and $user object are passed through the wp_login hook, there are some functions that don't allow user parameters and rely solely on get_current_user_id(), such as wp_destroy_other_sessions().

This is easy enough to work around, but it seems reasonable to expect that user-related function calls should "just work" at any point after authentication. 

<?php

add_action( 'wp_login', function ( $user_login, $user ) {

        var_dump( get_current_user_id() ); // int(0)

        $GLOBALS['current_user'] = $user;

        var_dump( get_current_user_id() ); // int(1)

        exit;

}, 10, 2 );

Attachments (1)

39385.patch (396 bytes) - added by fjarrett 18 months ago.

Download all attachments as: .zip

Change History (3)

#1 @johnbillion
18 months ago

  • Keywords needs-patch added
  • Version trunk deleted

@fjarrett
18 months ago

#2 @ocean90
18 months ago

  • Keywords close added

See #28116 and #35488 for why this is more of a documentation issue than an actual bug.

Note: See TracTickets for help on using tickets.