WordPress at a glance
function is not described

wp_generate_auth_cookie() WP 2.5.0

Generate authentication cookie contents.

  • Since 4.0.0 The $token parameter was added.

This is a pluggable function, and it can be replaced by a plugin. It means that this function is defined (works) only after all plugins are loaded (included), but before this moment this function has not defined. Therefore, you cannot call this and all functions depended on this function directly from a plugin code. It must be called on plugins_loaded hook or later, for example on init hook.

Function replacement (override) — in a plugin you can create a function with the same name, then it replace this function.

Hooks in function
Return

String. Authentication cookie contents. Empty string if user does not exist.

Usage

wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
$user_id(int) (required)
User ID
$expiration(int) (required)
The time the cookie expires as a UNIX timestamp.
$scheme(string)
The cookie scheme to use: auth, secure_auth, or logged_in
Default: 'auth'
$token(string)
User's session token to use for this cookie
Default: ''

Code of wp generate auth cookie: wp-includes/pluggable.php WP 5.2.1

<?php
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) {
	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return '';
	}

	if ( ! $token ) {
		$manager = WP_Session_Tokens::get_instance( $user_id );
		$token   = $manager->create( $expiration );
	}

	$pass_frag = substr( $user->user_pass, 8, 4 );

	$key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );

	// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
	$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
	$hash = hash_hmac( $algo, $user->user_login . '|' . $expiration . '|' . $token, $key );

	$cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;

	/**
	 * Filters the authentication cookie.
	 *
	 * @since 2.5.0
	 * @since 4.0.0 The `$token` parameter was added.
	 *
	 * @param string $cookie     Authentication cookie.
	 * @param int    $user_id    User ID.
	 * @param int    $expiration The time the cookie expires as a UNIX timestamp.
	 * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
	 * @param string $token      User's session token used.
	 */
	return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token );
}