基于wordpress_ulogged_uin_35; cookie设置脚本可访问cookie到期
我需要一个cookie来正确显示缓存页面上登录/匿名用户的动态链接。我认为默认WordPress登录cookie到期日为14天,创建自定义的14天到期脚本可访问cookie不会出错,应该会导致到期日同步:基于wordpress_ulogged_uin_35; cookie设置脚本可访问cookie到期,wordpress,cookies,Wordpress,Cookies,我需要一个cookie来正确显示缓存页面上登录/匿名用户的动态链接。我认为默认WordPress登录cookie到期日为14天,创建自定义的14天到期脚本可访问cookie不会出错,应该会导致到期日同步: add_action('wp_login', 'lal_login'); function lal_login() { $expiration = time() + 14*24*60*60; setcookie('wp_user_logged_in', 1, $expirati
add_action('wp_login', 'lal_login');
function lal_login() {
$expiration = time() + 14*24*60*60;
setcookie('wp_user_logged_in', 1, $expiration, '/');
$_COOKIE['wp_user_logged_in'] = 1;
}
add_action('wp_logout', 'lal_logout');
function lal_logout() {
unset($_COOKIE['wp_user_logged_in']);
setcookie('wp_user_logged_in', null, -1, '/');
}
不幸的是,Chrome显示2个默认cookie和我的自定义cookie的到期日期不一样。默认cookie在12小时后过期
wordpress\u已登录\u已登录
创造
2019年5月19日星期日下午3:01:54
到期
2019年6月3日星期一凌晨3:01:54
wordpress\u sec\u35;
创造
2019年5月19日星期日下午3:01:54
到期
2019年6月3日星期一凌晨3:01:54
wp\u用户\u登录\u
创造
2019年5月19日星期日下午3:01:54
到期
2019年6月2日星期日下午3:01:54
我发现WordPress增加了12小时的“宽限期”
我应该让我的饼干在14天12小时后过期吗?与硬编码时间相比,我还更喜欢基于auth cookie的过期,auth cookie可以根据过滤器进行更改。我怎样才能做到这一点?下一行显示如何计算验证cookie过期时间:
$expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );
我看到WordPress也支持不记住用户的设置,尽管我在理解它时有困难,因为代码在下一行中将$expire
设置为0。我怎样才能支持字段正确地记住自定义cookie中未选中的用户,以镜像WordPress auth cookie
负责设置auth cookie的整个函数位于pluggable.php中,如下所示:
function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
if ( $remember ) {
/**
* Filters the duration of the authentication cookie expiration period.
*
* @since 2.8.0
*
* @param int $length Duration of the expiration period in seconds.
* @param int $user_id User ID.
* @param bool $remember Whether to remember the user login. Default false.
*/
$expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );
/*
* Ensure the browser will continue to send the cookie after the expiration time is reached.
* Needed for the login grace period in wp_validate_auth_cookie().
*/
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
} else {
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
$expire = 0;
}
if ( '' === $secure ) {
$secure = is_ssl();
}
// Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
/**
* Filters whether the connection is secure.
*
* @since 3.1.0
*
* @param bool $secure Whether the connection is secure.
* @param int $user_id User ID.
*/
$secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );
/**
* Filters whether to use a secure cookie when logged-in.
*
* @since 3.1.0
*
* @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
if ( '' === $token ) {
$manager = WP_Session_Tokens::get_instance( $user_id );
$token = $manager->create( $expiration );
}
$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );
/**
* Fires immediately before the authentication cookie is set.
*
* @since 2.5.0
* @since 4.9.0 The `$token` parameter was added.
*
* @param string $auth_cookie Authentication cookie value.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time.
* @param int $expiration The time when the authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
* @param string $token User's session token to use for this cookie.
*/
do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );
/**
* Fires immediately before the logged-in authentication cookie is set.
*
* @since 2.6.0
* @since 4.9.0 The `$token` parameter was added.
*
* @param string $logged_in_cookie The logged-in cookie value.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time.
* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Default 'logged_in'.
* @param string $token User's session token to use for this cookie.
*/
do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );
/**
* Allows preventing auth cookies from actually being sent to the client.
*
* @since 4.7.4
*
* @param bool $send Whether to send auth cookies to the client.
*/
if ( ! apply_filters( 'send_auth_cookies', true ) ) {
return;
}
setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
if ( COOKIEPATH != SITECOOKIEPATH ) {
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
}
}
我认为问题主要在于cookie的过期时间,因此: 我看到WordPress也尊重不记得用户的设置, 虽然我理解它有困难,因为代码集
$expire
在下一行中设置为0
调用时,应忽略“expires”参数或将其设置为0
,这两种方式都意味着cookie将在会话结束时(浏览器关闭时)过期。因此,当用户登录时没有选中“记住我”复选框时,WordPress需要将其设置为0
如何支持字段在我的应用程序中正确地记住未选中的用户
自定义cookie,以镜像WordPress验证cookie
您可以使用set\u logged\u in\u cookie
hook来实际设置cookie,而不是“支持它”。这样,无论用户是否选中“记住我”复选框,您都可以获得预期的过期时间
因此,代码:
add_action('wp_login','lal_login')代码>
使用:add_action('set_logged_in_cookie','lal_login',10,2)代码>
或者这样:add_action('set_auth_cookie','lal_login',10,2)代码>
lal_login()
:
函数lal\u登录($cookie,$expire){
//如果用户没有选中“记住我”复选框,$expire将为0。
//因此,如果需要,可以将$expire设置为14天、2天等。
//$expire=$expire?$expire:time()+14*天(以秒为单位);
setcookie('wp_用户_登录,'1,$expire,'/');
$\u COOKIE['wp\u user\u logged\u in']=1;
}
注意:如果您连接到设置登录的\u cookie
,则$cookie
将是登录的cookie值;如果您连接到set\u auth\u cookie
,则$cookie
将是身份验证cookie值这很好用!我还意识到,这个2天的值意味着,如果未选中“记住”的用户不提前关闭浏览器会话,cookie将在2天内过期。
function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
if ( $remember ) {
/**
* Filters the duration of the authentication cookie expiration period.
*
* @since 2.8.0
*
* @param int $length Duration of the expiration period in seconds.
* @param int $user_id User ID.
* @param bool $remember Whether to remember the user login. Default false.
*/
$expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );
/*
* Ensure the browser will continue to send the cookie after the expiration time is reached.
* Needed for the login grace period in wp_validate_auth_cookie().
*/
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
} else {
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
$expire = 0;
}
if ( '' === $secure ) {
$secure = is_ssl();
}
// Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
/**
* Filters whether the connection is secure.
*
* @since 3.1.0
*
* @param bool $secure Whether the connection is secure.
* @param int $user_id User ID.
*/
$secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );
/**
* Filters whether to use a secure cookie when logged-in.
*
* @since 3.1.0
*
* @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
if ( '' === $token ) {
$manager = WP_Session_Tokens::get_instance( $user_id );
$token = $manager->create( $expiration );
}
$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );
/**
* Fires immediately before the authentication cookie is set.
*
* @since 2.5.0
* @since 4.9.0 The `$token` parameter was added.
*
* @param string $auth_cookie Authentication cookie value.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time.
* @param int $expiration The time when the authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
* @param string $token User's session token to use for this cookie.
*/
do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );
/**
* Fires immediately before the logged-in authentication cookie is set.
*
* @since 2.6.0
* @since 4.9.0 The `$token` parameter was added.
*
* @param string $logged_in_cookie The logged-in cookie value.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time.
* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Default 'logged_in'.
* @param string $token User's session token to use for this cookie.
*/
do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );
/**
* Allows preventing auth cookies from actually being sent to the client.
*
* @since 4.7.4
*
* @param bool $send Whether to send auth cookies to the client.
*/
if ( ! apply_filters( 'send_auth_cookies', true ) ) {
return;
}
setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
if ( COOKIEPATH != SITECOOKIEPATH ) {
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
}
}