Support » Plugins » Hacks » 2 Day No Memember Cookies

  • I noticed that when I don’t check “Remember Me” on login that the logged in cookie expires when I close the browser. I took a closer look at wp_set_auth_cookie() and noticed that if the box isn’t checked the expire time is set to 0 seconds which expires the cookie when the browser closes.

    I definitely could be missing something hear, but aren’t those cookies supposed to last for two days?

    Here is the code I am talking about from pluggable.php. Starting on line 664:

    if ( $remember ) {
    $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
    } else {
    $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
    $expire = 0;
    }

    and then when the cookies are set starting on line 692:

    if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
    setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    if ( COOKIEPATH != SITECOOKIEPATH )
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    } else {
    $cookie_domain = COOKIE_DOMAIN;
    if ( !empty($cookie_domain) )
    $cookie_domain .= '; HttpOnly';
    setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
    setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
    if ( COOKIEPATH != SITECOOKIEPATH )
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
    }

    Wouldn’t we want to change line 668 to read something like:

    $expire = time() + 172800;

    instead of:

    $expire = 0;

    Thanks.

Viewing 8 replies - 1 through 8 (of 8 total)
  • when you don’t check “remember me” , it doesn’t remember you?

    i don’t understand the issue?

    According to the documentation on login, when you don’t check “Remember Me” the cookie should still last two days. Based on the code from pluggable.php it looks to me like the cookie only lasts until the browser closes. Am I missing something there?

    oh i’m sorry, i didn’t read that. it just makes sense that not checking it will not have it saved, but if the doc says it will then idk what to say ;(

    sry

    Not a problem at all. I’m hoping somebody can explain what I’m missing. I must be reading something incorrectly.

    Should I report this as a WordPress bug on Trac?

    I’m not trying to bump this, but I’d love to know if this warrants being reported on Trac? Anyone else think this is a WordPress core bug?

    Jonathan, I am using 3.3.1 and I am having trouble because I have password protected pages and IE does not delete the cookies when I close the browser, and I want them deleted. Of course the protected pages do not have the “remember me” option. Have you had anymore thoughts about this or found a solution anywhere else? Mike

    comairtech wrote:

    Jonathan, I am using 3.3.1 and I am having trouble because I have password protected pages and IE does not delete the cookies when I close the browser, and I want them deleted. Of course the protected pages do not have the “remember me” option. Have you had anymore thoughts about this or found a solution anywhere else? Mike

    Put this in your theme’s functions.php file:

    add_action( ‘wp’, ‘post_pw_sess_expire’ );
    function post_pw_sess_expire() {
    if ( isset( $_COOKIE[‘wp-postpass_’ . COOKIEHASH] ) )
    // Setting a time of 0 in setcookie() forces the cookie to expire with the session
    setcookie(‘wp-postpass_’ . COOKIEHASH, ”, 0, COOKIEPATH);
    }

    This should force the cookie to expire with the session.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘2 Day No Memember Cookies’ is closed to new replies.