WordPress at a glance
function is not described

wp_generate_auth_cookie() WP 2.5.0

Generate authentication cookie contents.

  • Since 4.0.0 The $token parameter was added.

This is a pluggable function, and it can be replaced from plugin. It means that this function is defined (works) only after all plugins are connected (included), but before this moment the function has not yet been defined... Therefore, you cannot call this and all functions depended on this function directly from a plugin code. It must be called via hook plugins_loaded or later, for example on hook init.

Function replacement (override) — in a plugin you can create a function with the same name, then it will replace this function.

Hooks in function
Return

String. Authentication cookie contents. Empty string if user does not exist.

Usage

wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
$user_id(int) (required)
User ID
$expiration(int) (required)
The time the cookie expires as a UNIX timestamp.
$scheme(string)
The cookie scheme to use: auth, secure_auth, or logged_in
Default: 'auth'
$token(string)
User's session token to use for this cookie
Default: ''

Code of wp generate auth cookie: wp-includes/pluggable.php VER 5.0.3

<?php
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) {
	$user = get_userdata($user_id);
	if ( ! $user ) {
		return '';
	}

	if ( ! $token ) {
		$manager = WP_Session_Tokens::get_instance( $user_id );
		$token = $manager->create( $expiration );
	}

	$pass_frag = substr($user->user_pass, 8, 4);

	$key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );

	// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
	$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
	$hash = hash_hmac( $algo, $user->user_login . '|' . $expiration . '|' . $token, $key );

	$cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;

	/**
	 * Filters the authentication cookie.
	 *
	 * @since 2.5.0
	 * @since 4.0.0 The `$token` parameter was added.
	 *
	 * @param string $cookie     Authentication cookie.
	 * @param int    $user_id    User ID.
	 * @param int    $expiration The time the cookie expires as a UNIX timestamp.
	 * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
	 * @param string $token      User's session token used.
	 */
	return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token );
}