WordPress at a glance
function is not described

wp_authenticate_cookie() WP 2.8.0

Authenticate the user using the WordPress auth cookie.

  • Global. String. $auth_secure_cookie

No Hooks.


WP_User/WP_Error. WP_User on success, WP_Error on failure.


wp_authenticate_cookie( $user, $username, $password );
$user(WP_User/WP_Error/null) (required)
WP_User or WP_Error object from a previous callback.
Default: null
$username(string) (required)
Username. If not empty, cancels the cookie authentication.
$password(string) (required)
Password. If not empty, cancels the cookie authentication.

Code of wp authenticate cookie: wp-includes/user.php VER 5.0.3

function wp_authenticate_cookie($user, $username, $password) {
	if ( $user instanceof WP_User ) {
		return $user;

	if ( empty($username) && empty($password) ) {
		$user_id = wp_validate_auth_cookie();
		if ( $user_id )
			return new WP_User($user_id);

		global $auth_secure_cookie;

		if ( $auth_secure_cookie )
			$auth_cookie = SECURE_AUTH_COOKIE;
			$auth_cookie = AUTH_COOKIE;

		if ( !empty($_COOKIE[$auth_cookie]) )
			return new WP_Error('expired_session', __('Please log in again.'));

		// If the cookie is not set, be silent.

	return $user;