wp_set_auth_cookie

Log in a user by setting authentication cookies.

Description

wp_set_auth_cookie( (int) $user_id, (constant) $remember = false, (string) $secure = '', (string) $token = '' ); 

The $remember parameter increases the time that the cookie will be kept. The default the cookie is kept without remembering is two days. When $remember is set, the cookies will be kept for 14 days or two weeks.

Parameters (4)

0. $user_id (int)
The user id.
1. $remember — Optional. (constant) => false
Whether to remember the user
2. $secure — Optional. (string) => ''
Whether the admin cookies should only be sent over HTTPS. Default is_ssl().
3. $token — Optional. (string) => ''
User's session token to use for this cookie.

Usage

  1. if ( !function_exists( 'wp_set_auth_cookie' ) ) { 
  2. require_once ABSPATH . WPINC . '/pluggable.php'; 
  3.  
  4. // The user id. 
  5. $user_id = -1; 
  6.  
  7. // Whether to remember the user 
  8. $remember = false; 
  9.  
  10. // Whether the admin cookies should only be sent over HTTPS. 
  11. // Default is_ssl(). 
  12. $secure = ''; 
  13.  
  14. // Optional. User's session token to use for this cookie. 
  15. $token = ''; 
  16.  
  17. // NOTICE! Understand what this does before running. 
  18. $result = wp_set_auth_cookie($user_id, $remember, $secure, $token); 
  19.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/pluggable.php  
  1. function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) { 
  2. if ( $remember ) { 
  3. /** 
  4. * Filters the duration of the authentication cookie expiration period. 
  5. * @since 2.8.0 
  6. * @param int $length Duration of the expiration period in seconds. 
  7. * @param int $user_id User ID. 
  8. * @param bool $remember Whether to remember the user login. Default false. 
  9. */ 
  10. $expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember ); 
  11.  
  12. /** 
  13. * Ensure the browser will continue to send the cookie after the expiration time is reached. 
  14. * Needed for the login grace period in wp_validate_auth_cookie(). 
  15. */ 
  16. $expire = $expiration + ( 12 * HOUR_IN_SECONDS ); 
  17. } else { 
  18. /** This filter is documented in wp-includes/pluggable.php */ 
  19. $expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember ); 
  20. $expire = 0; 
  21.  
  22. if ( '' === $secure ) { 
  23. $secure = is_ssl(); 
  24.  
  25. // Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS. 
  26. $secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME ); 
  27.  
  28. /** 
  29. * Filters whether the connection is secure. 
  30. * @since 3.1.0 
  31. * @param bool $secure Whether the connection is secure. 
  32. * @param int $user_id User ID. 
  33. */ 
  34. $secure = apply_filters( 'secure_auth_cookie', $secure, $user_id ); 
  35.  
  36. /** 
  37. * Filters whether to use a secure cookie when logged-in. 
  38. * @since 3.1.0 
  39. * @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in. 
  40. * @param int $user_id User ID. 
  41. * @param bool $secure Whether the connection is secure. 
  42. */ 
  43. $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure ); 
  44.  
  45. if ( $secure ) { 
  46. $auth_cookie_name = SECURE_AUTH_COOKIE
  47. $scheme = 'secure_auth'; 
  48. } else { 
  49. $auth_cookie_name = AUTH_COOKIE
  50. $scheme = 'auth'; 
  51.  
  52. if ( '' === $token ) { 
  53. $manager = WP_Session_Tokens::get_instance( $user_id ); 
  54. $token = $manager->create( $expiration ); 
  55.  
  56. $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token ); 
  57. $logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token ); 
  58.  
  59. /** 
  60. * Fires immediately before the authentication cookie is set. 
  61. * @since 2.5.0 
  62. * @param string $auth_cookie Authentication cookie. 
  63. * @param int $expire The time the login grace period expires as a UNIX timestamp. 
  64. * Default is 12 hours past the cookie's expiration time. 
  65. * @param int $expiration The time when the authentication cookie expires as a UNIX timestamp. 
  66. * Default is 14 days from now. 
  67. * @param int $user_id User ID. 
  68. * @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'. 
  69. */ 
  70. do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme ); 
  71.  
  72. /** 
  73. * Fires immediately before the logged-in authentication cookie is set. 
  74. * @since 2.6.0 
  75. * @param string $logged_in_cookie The logged-in cookie. 
  76. * @param int $expire The time the login grace period expires as a UNIX timestamp. 
  77. * Default is 12 hours past the cookie's expiration time. 
  78. * @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp. 
  79. * Default is 14 days from now. 
  80. * @param int $user_id User ID. 
  81. * @param string $scheme Authentication scheme. Default 'logged_in'. 
  82. */ 
  83. do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in' ); 
  84.  
  85. /** 
  86. * Allows preventing auth cookies from actually being sent to the client. 
  87. * @since 4.7.4 
  88. * @param bool $send Whether to send auth cookies to the client. 
  89. */ 
  90. if ( ! apply_filters( 'send_auth_cookies', true ) ) { 
  91. return; 
  92.  
  93. setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); 
  94. setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); 
  95. setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); 
  96. setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);