WordPress.org

Ready to get started?Download WordPress

Forums

2 Day No Memember Cookies (9 posts)

  1. Jonathan
    Member
    Posted 2 years ago #

    I noticed that when I don't check "Remember Me" on login that the logged in cookie expires when I close the browser. I took a closer look at wp_set_auth_cookie() and noticed that if the box isn't checked the expire time is set to 0 seconds which expires the cookie when the browser closes.

    I definitely could be missing something hear, but aren't those cookies supposed to last for two days?

    Here is the code I am talking about from pluggable.php. Starting on line 664:

    if ( $remember ) {
    $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
    } else {
    $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
    $expire = 0;
    }

    and then when the cookies are set starting on line 692:

    if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
    setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    if ( COOKIEPATH != SITECOOKIEPATH )
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    } else {
    $cookie_domain = COOKIE_DOMAIN;
    if ( !empty($cookie_domain) )
    $cookie_domain .= '; HttpOnly';
    setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
    setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
    if ( COOKIEPATH != SITECOOKIEPATH )
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
    }

    Wouldn't we want to change line 668 to read something like:

    $expire = time() + 172800;

    instead of:

    $expire = 0;

    Thanks.

  2. digibucc
    Member
    Posted 2 years ago #

    when you don't check "remember me" , it doesn't remember you?

    i don't understand the issue?

  3. Jonathan
    Member
    Posted 2 years ago #

    According to the documentation on login, when you don't check "Remember Me" the cookie should still last two days. Based on the code from pluggable.php it looks to me like the cookie only lasts until the browser closes. Am I missing something there?

  4. digibucc
    Member
    Posted 2 years ago #

    oh i'm sorry, i didn't read that. it just makes sense that not checking it will not have it saved, but if the doc says it will then idk what to say ;(

    sry

  5. Jonathan
    Member
    Posted 2 years ago #

    Not a problem at all. I'm hoping somebody can explain what I'm missing. I must be reading something incorrectly.

  6. Jonathan
    Member
    Posted 2 years ago #

    Should I report this as a WordPress bug on Trac?

  7. Jonathan
    Member
    Posted 2 years ago #

    I'm not trying to bump this, but I'd love to know if this warrants being reported on Trac? Anyone else think this is a WordPress core bug?

  8. comairtech
    Member
    Posted 2 years ago #

    Jonathan, I am using 3.3.1 and I am having trouble because I have password protected pages and IE does not delete the cookies when I close the browser, and I want them deleted. Of course the protected pages do not have the "remember me" option. Have you had anymore thoughts about this or found a solution anywhere else? Mike

  9. MickeyRoush
    Member
    Posted 2 years ago #

    comairtech wrote:

    Jonathan, I am using 3.3.1 and I am having trouble because I have password protected pages and IE does not delete the cookies when I close the browser, and I want them deleted. Of course the protected pages do not have the "remember me" option. Have you had anymore thoughts about this or found a solution anywhere else? Mike

    Put this in your theme's functions.php file:

    add_action( 'wp', 'post_pw_sess_expire' );
    function post_pw_sess_expire() {
    if ( isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
    // Setting a time of 0 in setcookie() forces the cookie to expire with the session
    setcookie('wp-postpass_' . COOKIEHASH, '', 0, COOKIEPATH);
    }

    This should force the cookie to expire with the session.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags