0

I am looking for a way to call wp_logout (server side) if my wordpress_logged_in_HASH cookie expires. Unfortunalty I can't find any solution so far. Did a lot of research on stackoverflow and google, but still not done. Does anyone have some advices or ideas how to do it?

Server side I can check if the cookie exits with $_SERVER['HTTP_COOKIE']. The variable exits on my shared server and this works. But how to run wp_logout automaticly when cookie expires? Maybe by some javascript?

if(strpos($_SERVER['HTTP_COOKIE'], 'wordpress_logged_in') == true){
    echo "Login cookie exists!<br>";
    var_dump($_SERVER['HTTP_COOKIE']);
    //echo($startTime = microtime(true));
} else{
    echo "Login cookie not exists!";
    var_dump($_SERVER['HTTP_COOKIE']);
    }
cr4nk
  • 23
  • 3
  • `$_COOKIE['wordpress_logged_in']` would probably be somewhat more secure. Neither are that secure though. Should check server side for session, not a cookie – user3783243 Dec 06 '21 at 18:26
  • `$_COOKIE['wordpress_logged_in']` is not available. Actually `$_COOKIE` is always empty. Do you know, why it's empty? – cr4nk Dec 06 '21 at 19:13

1 Answers1

0

Simply change session expire time, as mentioned, by adding in your theme's functions.php something like:

add_filter('auth_cookie_expiration', 'my_expiration_filter', 99, 3);
function my_expiration_filter($seconds, $user_id, $remember){

    //if "remember me" is checked;
    if ( $remember ) {
        //WP defaults to 2 weeks;
        $expiration = 14*24*60*60; //UPDATE HERE;
    } else {
        //WP defaults to 48 hrs/2 days;
        $expiration = 2*24*60*60; //UPDATE HERE;
    }

    //http://en.wikipedia.org/wiki/Year_2038_problem
    if ( PHP_INT_MAX - time() < $expiration ) {
        //Fix to a little bit earlier!
        $expiration =  PHP_INT_MAX - time() - 5;
    }

    return $expiration;
}

Surprisingly enough, WordPress does not use PHP sessions at all. It uses only cookies. And it uses a number of them with hashed names.

So don't mess with them directly, and do it the WordPress way with filters like above.

Or by calling WordPress APIs. E.g. if you want to log out the current user, you can call wp_clear_auth_cookie: http://codex.wordpress.org/Function_Reference/wp_clear_auth_cookie

Top-Master
  • 7,611
  • 5
  • 39
  • 71
  • Thanks, but the user should get logged out automaticly without page reload. And your code about doesn't match this requirement. Any further ideas? – cr4nk Dec 06 '21 at 20:01
  • @cr4nk This sounds like an [XY Problem](https://meta.stackexchange.com/a/66378/477156); WordPress will logout users once time is expired, with or without page reload; Seems you do not care that WordPress will logout automatically, and you just want to somehow ensure `wp_logout` is called (probably you have some logout-action which you need triggered). – Top-Master Dec 06 '21 at 20:27