wp_authenticate_cookie()
Authenticates the user using the WordPress auth cookie.
No Hooks.
Returns
WP_User|WP_Error. WP_User on success, WP_Error on failure.
Usage
wp_authenticate_cookie( $user, $username, $password );
- $user(WP_User|WP_Error|null) (required)
- WP_User or WP_Error object from a previous callback.
Default:null - $username(string) (required)
- Username. If not empty, cancels the cookie authentication.
- $password(string) (required)
Password. If not empty, cancels the cookie authentication.
It has the attribute #[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.
Notes
- Global. String.
$auth_secure_cookie
Changelog
| Since 2.8.0 | Introduced. |
wp_authenticate_cookie() wp authenticate cookie code WP 6.9.1
function wp_authenticate_cookie(
$user,
$username,
#[\SensitiveParameter]
$password
) {
global $auth_secure_cookie;
if ( $user instanceof WP_User ) {
return $user;
}
if ( empty( $username ) && empty( $password ) ) {
$user_id = wp_validate_auth_cookie();
if ( $user_id ) {
return new WP_User( $user_id );
}
if ( $auth_secure_cookie ) {
$auth_cookie = SECURE_AUTH_COOKIE;
} else {
$auth_cookie = AUTH_COOKIE;
}
if ( ! empty( $_COOKIE[ $auth_cookie ] ) ) {
return new WP_Error( 'expired_session', __( 'Please log in again.' ) );
}
// If the cookie is not set, be silent.
}
return $user;
}