wp_generate_auth_cookie()
Generates authentication cookie contents.
This is a pluggable function, and it can be replaced by a plugin. It means that this function is defined (works) only after all plugins are loaded (included), but before this moment this function has not defined. Therefore, you cannot call this and all functions depended on this function directly from a plugin code. They need to be called on plugins_loaded hook or later, for example on init hook.
Function replacement (override) — in a plugin you can create a function with the same name, then it replace this function.
Hooks from the function
Return
String
. Authentication cookie contents. Empty string if user does not exist.
Usage
wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
- $user_id(int) (required)
- User ID.
- $expiration(int) (required)
- The time the cookie expires as a UNIX timestamp.
- $scheme(string)
- The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
Default: 'auth' - $token(string)
- User's session token to use for this cookie.
Default: ''
Changelog
Since 2.5.0 | Introduced. |
Since 4.0.0 | The $token parameter was added. |
wp_generate_auth_cookie() wp generate auth cookie code WP 6.1.1
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) { $user = get_userdata( $user_id ); if ( ! $user ) { return ''; } if ( ! $token ) { $manager = WP_Session_Tokens::get_instance( $user_id ); $token = $manager->create( $expiration ); } $pass_frag = substr( $user->user_pass, 8, 4 ); $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; $hash = hash_hmac( $algo, $user->user_login . '|' . $expiration . '|' . $token, $key ); $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash; /** * Filters the authentication cookie. * * @since 2.5.0 * @since 4.0.0 The `$token` parameter was added. * * @param string $cookie Authentication cookie. * @param int $user_id User ID. * @param int $expiration The time the cookie expires as a UNIX timestamp. * @param string $scheme Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'. * @param string $token User's session token used. */ return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token ); }