wp_parse_auth_cookie()WP 2.7.0

Parses a cookie into its components.

Pluggable function — this function can be replaced from a plugin. It means that this function is defined (works) only after all plugins are loaded (included), but before this moment this function has not defined. Therefore, you cannot call this and all functions depended on this function directly from a plugin code. They need to be called on plugins_loaded hook or later, for example on init hook.

Function replacement (override) — in must-use or regular plugin you can create a function with the same name, then it will replace this function.

No Hooks.

Return

String[]|false. Authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value. If the cookie value is malformed, false is returned.

Usage

wp_parse_auth_cookie( $cookie, $scheme );
$cookie(string)
Authentication cookie.
Default: ''
$scheme(string)
The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
Default: ''

Changelog

Since 2.7.0 Introduced.
Since 4.0.0 The $token element was added to the return value.

wp_parse_auth_cookie() code WP 6.4.3

function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) {
	if ( empty( $cookie ) ) {
		switch ( $scheme ) {
			case 'auth':
				$cookie_name = AUTH_COOKIE;
				break;
			case 'secure_auth':
				$cookie_name = SECURE_AUTH_COOKIE;
				break;
			case 'logged_in':
				$cookie_name = LOGGED_IN_COOKIE;
				break;
			default:
				if ( is_ssl() ) {
					$cookie_name = SECURE_AUTH_COOKIE;
					$scheme      = 'secure_auth';
				} else {
					$cookie_name = AUTH_COOKIE;
					$scheme      = 'auth';
				}
		}

		if ( empty( $_COOKIE[ $cookie_name ] ) ) {
			return false;
		}
		$cookie = $_COOKIE[ $cookie_name ];
	}

	$cookie_elements = explode( '|', $cookie );
	if ( count( $cookie_elements ) !== 4 ) {
		return false;
	}

	list( $username, $expiration, $token, $hmac ) = $cookie_elements;

	return compact( 'username', 'expiration', 'token', 'hmac', 'scheme' );
}