Heartbeat/auth-check interval consistency (wp_auth_check_interval does not have the stated effect)

[dsixinetu]

TL;DR: ​wp_auth_check_interval currently has no effect and should be fixed or deprecated/removed.

History

Originally, the auth_check code run when a heartbeat was received checked for 'wp-auth-check' in the heartbeat data. This value was added to the heartbeat request based on some scheduling in auth-check.js, with wp_auth_check_interval providing a filter to control the timing. Note that this timing is independent of the scheduling of the heartbeat itself.

• [24738] stopped checking for this value as a part of other changes to auth-check
• [27153] changed auth_check to run on heartbeat_send rather than heartbeat_received, so the heartbeat data was not available and the data argument was removed in [27154]

Current State

wp_auth_check_interval and the timing code in auth-check.js still control the timing of when the 'wp-auth-check' data is added to the heartbeat request, but nothing on the server side is checking for this value and the 'wp-auth-check' data is included in the heartbeat response every time.

Based on #27081, it seems that we want auth_check to run on every heartbeat as it now does. Assuming that this is correct, the 'wp-auth-check' request data, timing code, and the filter wp_auth_check_interval are no longer required and have been non-functional since 2014.

Proposed Changes

• Remove timing code in auth-check.js
• Remove wp_auth_check_interval filter (can we skip deprecating it since it has not worked for the past 6 years?)
• Recommend controlling heartbeat interval rather than auth-check:
  • Through the 'interval' setting with the heartbeat_settings filter
  • Through the 'heartbeat_interval' value in heartbeat response

[adamsilverstein]

@azaozz would be great to have your review of the proposed changes here.

[azaozz]

@dsixinetu welcome to Trac and thanks for the ticket :)

• Remove timing code in auth-check.js
• Remove wp_auth_check_interval filter (can we skip deprecating it since it has not worked for the past 6 years?)

Sounds good. Yes, no need to deprecate the filter imho.

Looks like a patch should remove all uses of schedule() from auth-check.js, and the filter from script-loader.php.

As of [27153], wp-auth-check is returned on all heartbeats without the need for data from client-side. This also means that the timing and scheduling of this request data is ineffectual.

Trac ticket: https://core.trac.wordpress.org/ticket/50305

[whyisjake]

In 48056:

Administration: Remove wp-auth-check from the Heartbeat API.

As of [27153], wp-auth-check is returned on all heartbeats without the need for data from client-side. This also means that the timing and scheduling of this request data is ineffectual.

Fixes #50305.

Props dsixinetu, azaozz, whyisjake.

Merged, thank you.