[resolved] How to init nonce? (3 posts)

  1. Jacob N. Breetvelt
    Posted 5 years ago #

    Calling wp_create_nonce twice gives the same result:

    echo wp_create_nonce('my-check'); /* find a new nonce ? */
    echo wp_create_nonce('my-check'); /* no, it's still the same */

    How do i initialize to get a new "ONE TIME" random nonce?

  2. Dion Hulse
    Lead Developer
    Posted 5 years ago #

    Nonces are not a once-off random code, If they were, it'd be impossible to compare them on the following page request that it's a legit nonce for that action.

    Nonces have 3 variables to them, The action, The userID, and time. All 3 must match for the nonce to be valid, each nonce is valid for "2 ticks", 1 tick being 12 hours, wp_verify_nonce() can be used to tell if the nonce is in the first half, or the latter half of it's lifespan. You can use the 'nonce_life' filter to increase/decrease the lifespan of nonces.

  3. Jacob N. Breetvelt
    Posted 5 years ago #

    Thank you for this clear explanation!

Topic Closed

This topic has been closed to new replies.

About this Topic