[wp-trac] [WordPress Trac] #20276: Tie nonces and cookies to expirable sessions
WordPress Trac
noreply at wordpress.org
Fri Jul 18 09:22:40 UTC 2014
#20276: Tie nonces and cookies to expirable sessions
----------------------------+------------------
Reporter: ryan | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------
Comment (by nacin):
I would like to see some additional review on the API in [29221]. It's
feeling really good, though.
Here's what it looks like:
{{{
function wp_get_session_token() {
function wp_get_all_sessions() {
function wp_destroy_current_session() {
function wp_destroy_other_sessions() {
function wp_destroy_all_sessions() {
abstract class WP_Session_Tokens {
protected function __construct( $user_id ) {
final public static function get_instance( $user_id ) {
final private function hash_token( $token ) {
final public function verify_token( $token ) {
final public function create_token( $expiration ) {
final public function update_token( $token, $session ) {
final public function destroy_token( $token ) {
final public function destroy_other_tokens( $token_to_keep ) {
final protected function is_still_valid( $session ) {
final public function destroy_all_tokens() {
final public static function destroy_all_tokens_for_all_users() {
final public function get_all_sessions() {
abstract protected function get_sessions();
abstract protected function get_session( $verifier );
abstract protected function update_session( $verifier, $session =
null );
abstract protected function destroy_other_sessions( $verifier );
abstract protected function destroy_all_sessions();
abstract public static function drop_sessions();
class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
. . . abstract methods are implemented, plus:
protected function prepare_session( $session ) {
protected function update_sessions( $sessions ) {
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/20276#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list