[wp-trac] [WordPress Trac] #58911: Destroy logged in sessions after successfully password reset
WordPress Trac
noreply at wordpress.org
Mon Aug 14 17:25:25 UTC 2023
#58911: Destroy logged in sessions after successfully password reset
------------------------------------+------------------------------
Reporter: nsinelnikov | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 6.3
Severity: normal | Resolution: worksforme
Keywords: has-patch close | Focuses:
------------------------------------+------------------------------
Changes (by rajinsharwar):
* keywords: has-patch => has-patch close
* status: new => closed
* resolution: => worksforme
Comment:
Hi @nsinelnikov, thanks for the Ticket. The user in Browser A will be
forced to log in after the password reset is initiated from Browser B,
even without the patch you attached. The reason is, we are checking if the
password was changed or not, and then use the wp_clear_auth_cookie()
function to reset any cookie related to authentication.
https://developer.wordpress.org/reference/functions/wp_clear_auth_cookie/
Your contribution is more than welcome. But, as this functionality is
already in the core, I will be closing this ticket for now with the
resolution of "worksforme"
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58911#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list