Opened 6 months ago
Last modified 5 months ago
#60748 new defect (bug)
auth_redirect() login check doesn't exist or doesn't work
Reported by: | kratosgemini | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
The auth_redirect()
documentation states:
"Checks if a user is logged in, if not it redirects them to the login page."
https://developer.wordpress.org/reference/functions/auth_redirect/
However, unless a call to auth_redirect()
is wrapped inside a is_user_logged_in()
check, then it always sends people to the login page (even if a user is already logged in).
I don't know if the documentation is incorrect or if there is a bug in the code.
To reproduce, all you need to do is something like this:
<?php add_action( 'wp', function() { if ( is_page( 2 ) ) { auth_redirect(); } } );
Change History (2)
#2
@
5 months ago
Hi @kratosgemini, thanks for opening the ticket! Well, it's a default behavior for WordPress I believe to show a logged-in page when the user is still logged in. So, even if you are logged in to the Admin Dashboard if you try to go under /wp-login.php, it will show the login form. So, I believe, the auth_redirect() should always be encapsulated by the is_user_logged_in() function to avoid this behavior.
What we can do is, update this behavior in the code doc for future reference.
+1
Just checked this as logged in and reloaded the cart page, it logs out and redirect to login page.
This is the function doc