[wp-trac] [WordPress Trac] #20276: Tie nonces and cookies to expirable sessions
WordPress Trac
noreply at wordpress.org
Thu May 29 21:23:27 UTC 2014
#20276: Tie nonces and cookies to expirable sessions
-------------------------------------------+------------------
Reporter: ryan | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch commit dev-feedback | Focuses:
-------------------------------------------+------------------
Comment (by nacin):
[attachment:20276.6.diff] introduces destroy_all_sessions_for_all_users()
as a static method. It also renames ::destroy_sessions() to
::destroy_all_sessions(), and introduces the wrapper
wp_destroy_all_sessions(). And, it introduces ::destroy_other_sessions(
$token_to_keep ) and introduces the wrapper wp_destroy_other_sessions().
There is no wrapper for ::destroy_all_sessions_for_all_users(), but it can
be called as WP_User_Sessions::destroy_all_sessions_for_all_users(). It
occurs to me that this doesn't work when the class is replaced with the
attach_session_information filter, though. Shouldn't be difficult to come
up with something, though we'll need to avoid late static bindings.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/20276#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list