[wp-trac] [WordPress Trac] #20276: Tie nonces and cookies to expirable sessions

WordPress Trac noreply at wordpress.org
Fri Jul 18 09:22:40 UTC 2014


#20276: Tie nonces and cookies to expirable sessions
----------------------------+------------------
 Reporter:  ryan            |       Owner:
     Type:  task (blessed)  |      Status:  new
 Priority:  normal          |   Milestone:  4.0
Component:  Security        |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+------------------

Comment (by nacin):

 I would like to see some additional review on the API in [29221]. It's
 feeling really good, though.

 Here's what it looks like:

 {{{
 function wp_get_session_token() {
 function wp_get_all_sessions() {
 function wp_destroy_current_session() {
 function wp_destroy_other_sessions() {
 function wp_destroy_all_sessions() {

 abstract class WP_Session_Tokens {
         protected function __construct( $user_id ) {
         final public static function get_instance( $user_id ) {
         final private function hash_token( $token ) {
         final public function verify_token( $token ) {
         final public function create_token( $expiration ) {
         final public function update_token( $token, $session ) {
         final public function destroy_token( $token ) {
         final public function destroy_other_tokens( $token_to_keep ) {
         final protected function is_still_valid( $session ) {
         final public function destroy_all_tokens() {
         final public static function destroy_all_tokens_for_all_users() {
         final public function get_all_sessions() {

         abstract protected function get_sessions();
         abstract protected function get_session( $verifier );
         abstract protected function update_session( $verifier, $session = null );
         abstract protected function destroy_other_sessions( $verifier );
         abstract protected function destroy_all_sessions();
         abstract public static function drop_sessions();

 class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
         . . . abstract methods are implemented, plus:
         protected function prepare_session( $session ) {
         protected function update_sessions( $sessions ) {
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/20276#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
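
The token lifecycle implied by the outline above, as an added example that is not code from [29221] or from WordPress core: a stand-alone in-memory store that keeps only a hash of each token and honours expiration. The class name `Demo_Session_Tokens`, the SHA-256 digest, the `random_bytes()` token and the array storage are assumptions; only the method names are taken from the listing.

```php
<?php
// Added illustration, not WordPress core code. The class name, SHA-256,
// the token format and the in-memory array are assumptions of this sketch.
final class Demo_Session_Tokens {
    private $sessions = array(); // verifier (hash of token) => session data

    // Only this digest is stored, so a leaked store does not yield usable tokens.
    private function hash_token( string $token ): string {
        return hash( 'sha256', $token );
    }

    private function is_still_valid( array $session ): bool {
        return $session['expiration'] >= time();
    }

    public function create_token( int $expiration ): string {
        $token = bin2hex( random_bytes( 32 ) ); // handed to the caller, never stored
        $this->sessions[ $this->hash_token( $token ) ] = array( 'expiration' => $expiration );
        return $token;
    }

    public function verify_token( string $token ): bool {
        $verifier = $this->hash_token( $token );
        if ( ! isset( $this->sessions[ $verifier ] ) ) {
            return false;
        }
        if ( ! $this->is_still_valid( $this->sessions[ $verifier ] ) ) {
            unset( $this->sessions[ $verifier ] ); // purge expired sessions on sight
            return false;
        }
        return true;
    }

    public function destroy_token( string $token ): void {
        unset( $this->sessions[ $this->hash_token( $token ) ] );
    }

    public function destroy_other_tokens( string $token_to_keep ): void {
        $verifier       = $this->hash_token( $token_to_keep );
        $this->sessions = array_intersect_key( $this->sessions, array( $verifier => true ) );
    }
}

// Constructed sample: two live sessions and one that is already expired.
$store   = new Demo_Session_Tokens();
$laptop  = $store->create_token( time() + 3600 );
$phone   = $store->create_token( time() + 3600 );
$expired = $store->create_token( time() - 1 );
var_dump( $store->verify_token( $expired ) ); // checks the expired token
$store->destroy_other_tokens( $laptop );      // "log out everywhere else"
var_dump( $store->verify_token( $laptop ), $store->verify_token( $phone ) );
```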

