Opened 7 years ago
Last modified 3 years ago
#41937 assigned enhancement
Change name of "wp-settings-" and "wp-settings-time-" cookie
Reported by: | Neustradamus | Owned by: | petertoi |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | good-first-bug has-patch |
Focuses: | Cc: |
Description
There is no option to change the cookie names of:
- wp-settings-time-
- wp-settings-
Can you add options?
It will be nice to add in wp-config.php like other cookies?
Thanks in advance.
Attachments (3)
Change History (20)
#1
@
7 years ago
- Component changed from General to Users
- Keywords cookie removed
- Severity changed from major to normal
- Type changed from defect (bug) to enhancement
#4
@
7 years ago
This patch takes adds constants to replace usages of 'wp-settings-' and 'wp-settings-time-' in PHP and updates the localization of utils.js with variables to use these constants in JS. Let me know if this needs any modification, happy to make any changes.
Prepared this patch at WordCamp Toronto 2017 with assistance from @pbearne.
#5
@
7 years ago
As a side note, what's the standard approach to updating WordPress code style on patches? Is code style applied only to modified code or should it be applied to related blocks (ex: adding curly brackets to all the constants in constants.php instead just those we've added)?
#8
in reply to:
↑ 7
@
7 years ago
Replying to Neustradamus:
It has been added in 4.9 release?
No, it hasn't been reviewed yet. And may need tests too. Now that 4.9 is out the door there's a good window to bring this up in the #core Slack channel and see what folks think is required to get it in a future release.
#9
@
7 years ago
- Owner set to petertoi
- Status changed from new to assigned
Assigning to mark the good-first-bug
as "claimed".
This ticket was mentioned in Slack in #core by petertoi. View the logs.
7 years ago
#12
@
7 years ago
I would just like to drop a consideration here that may or may not affect cache solutions.
Tools, such as Varnish at least, will read the existence of a cookie as a call to not cache a page by default. It's therefore common to add in rules to filter out certain cookies, in which you need to know what those cookies are.
If we start making cookie prefixes dynamic, we may essentially be invalidating many caching solutions which would impact site performances.
(This may not be an issue, but without knowing the cache configs everyone uses we can't make certain, and as such need to be careful about these kind of changes)
#16
@
5 years ago
This is a feature that we definitely want you to implement.
Because other cookie names can be changed with a constant, but I think that it is impairing the extensibility of WordPress that wp-settings- {time}-{UID}
cannot be changed only.
#17
@
3 years ago
HI @Neustradamus
Here we can checkout the updated cookies
screenshot:https://prnt.sc/21ing63
The related core (PHP) functions are:
wp_clear_auth_cookie()
: https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/pluggable.php#L922-L965wp_user_settings()
: [https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/option.php#L792-L840but it's more complicated than that, because it's hardcoded in the Javascript function
setUserSetting()
, where:in
/wp-includes/js/utils.js
:https://core.trac.wordpress.org/browser/tags/4.8.2/src/wp-includes/js/utils.js#L151-L184
There's also the
getAllUserSettings()
Javascript function that contains: