[wp-trac] [WordPress Trac] #61874: Unable to access WordPress login session during login

WordPress Trac noreply at wordpress.org
Thu Aug 15 07:00:50 UTC 2024


#61874: Unable to access WordPress login session during login
--------------------------+------------------------------
 Reporter:  dd32          |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by dd32):

 One partial option is that we could have `wp_set_auth_cookie()` fill in
 the $_COOKIE super-global when setting cookies, this would have the effect
 of allowing `wp_get_session_token()` to operate, but would not set the
 current user global:

 {{{#!diff
 Index: wp-includes/pluggable.php
 ===================================================================
 --- wp-includes/pluggable.php   (revision 58295)
 +++ wp-includes/pluggable.php   (working copy)
 @@ -1090,6 +1090,9 @@
                         return;
                 }

 +               $_COOKIE[ $auth_cookie_name ] = $auth_cookie;
 +               $_COOKIE[ LOGGED_IN_COOKIE ]  = $logged_in_cookie;
 +
                 setcookie( $auth_cookie_name, $auth_cookie, $expire,
 PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
                 setcookie( $auth_cookie_name, $auth_cookie, $expire,
 ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
                 setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire,
 COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
 }}}

 which would result in this:
 {{{
 wp-content/mu-plugins/example.php:
 array (size=5)
   'variant' => string 'Diff' (length=4)
   '$user->ID' => int 1
   'get_current_user_id()' => int 0
   'wp_get_session_token()' => string
 '8XpzO0LxNDfqeHHaHduytWPFVWKYjnfBounb39FfPhK' (length=43)
   'session_data' =>
     array (size=7)
       'foo' => string 'bar' (length=3)
       ....
 }}}

 Still not perfect, as now `wp_get_session_token()` can determine the
 current user session, but it's apparently for no user, as no user is
 logged in, as a result of the outcome of #39385.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61874#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list