Support » Plugins » Hacks » How to init nonce?

  • Calling wp_create_nonce twice gives the same result:

    echo wp_create_nonce('my-check'); /* find a new nonce ? */
    echo wp_create_nonce('my-check'); /* no, it's still the same */

    How do i initialize to get a new “ONE TIME” random nonce?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Dion Hulse


    Lead Developer

    Nonces are not a once-off random code, If they were, it’d be impossible to compare them on the following page request that it’s a legit nonce for that action.

    Nonces have 3 variables to them, The action, The userID, and time. All 3 must match for the nonce to be valid, each nonce is valid for “2 ticks”, 1 tick being 12 hours, wp_verify_nonce() can be used to tell if the nonce is in the first half, or the latter half of it’s lifespan. You can use the ‘nonce_life’ filter to increase/decrease the lifespan of nonces.

    Thank you for this clear explanation!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to init nonce?’ is closed to new replies.