Support » Plugin: wpDirAuth » Overriding cookie expiry for directory authenticated users

  • Resolved Sean Leavey


    Hi Paul, thanks a lot for making this plugin – it’s really excellent. One issue we have is that the default cookie expiry time of 1 hour is really annoying. I know you said about 6 months ago that you’d eventually add this as a setting, but I didn’t want to wait so I made the necessary changes myself. What I did is really simple – I just check for a boolean setting which lets you disable the setting of the 1 hour expiry, and instead preserves the default WordPress expiry time (2 weeks).

    Would you like to add my changes to the code so it can be pushed out in a new version? If so, then how can I send them to you or the SVN? I managed to check out the SVN working copy but I can’t find any instructions on submitting patches. Could I just send you the patch file by email or something?



Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Paul Gilzow


    to be honest, i completely forgot. Can you put your code into a github gist? or pastebin? i’ll try to incorporate it into the v1.9.0 version i want to release soon.

    Great! I’ve uploaded my version of wpDirAuth.php here:

    All I did was add an additional boolean setting that allows the admin to stop the cookie expiry that the auth_cookie_expiration hook sends to wpDirAuth_cookieExpire from being overriden to 1 hour. I thought about adding an extra setting to allow the admin to set a custom expiry time, but that’s probably beyond the intended scope of this plugin.

    I hope this is useful, and makes it into the next version! Cheers.

    Plugin Author Paul Gilzow


    I dont like the idea of completely disabling the cookie expiration time. So, instead, I set up an area in the Admin Settings for wpDirAuth to set the expiration time (in hours).

    Can you test out this version and let me know if it works for you?

    Thanks for looking into this – I’ll test it out tomorrow and let you know how I get on. However, you should know that my intention was not to disable the cookie expiry totally, but rather to avoid modifying what the WordPress default is. On my installation it defaults to 2 weeks, so by disabling the cookie override in the way I implemented it, it really just stops the default 2 week period from being overridden.

    Plugin Author Paul Gilzow


    Understood. Many institutions that have AD and/or some type of Single Sign-On system in place, also have restrictions on the length of time a session for a centrally-authed account can be. I know for us, it’s 24 hours. I didn’t want it to be either 1 hour or completely disabled, and instead wanted to give more flexibility to meet as many needs as possible. With the way it’s implemented in the version I gave you, if you want, and your organization is ok with, a 2 week timeout, then you can implement it by setting the value to 336.

    Since wpDirAuth implements the cookie expiration time by hooking the auth_cookie_expiration filter, if you really want to completely remove it, you can do so by removing the callback from the stack for this filter:

    $intDirAuthPriority = has_filter('auth_cookie_expiration','wpDirAuth_cookieExpire');

    Place the above code in your theme’s function file, or you can place it in a custom plugin.

    Hi Paul, I just tested your code and it works nicely. Thanks a lot! Your reasoning for wanting to keep the cookie expiry setting is sound and makes sense. We don’t have a policy on session times and nothing on the site is particularly sensitive, so I’ll just set the expiry to a large number of hours.

    Do you have an ETA on the next version that will include this capability? Thanks again!

    Plugin Author Paul Gilzow


    today is my goal. if not today, then on monday.

    Plugin Author Paul Gilzow


    6 days late, but version 1.9.3 is now out.

    Great – thanks a lot for doing this!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Overriding cookie expiry for directory authenticated users’ is closed to new replies.