[wp-hackers] wordpress_logged_in_HASH

Haluk Karamete halukkaramete at gmail.com
Tue Feb 16 10:09:14 UTC 2016 

Thanks Nikola.

On Tue, Feb 16, 2016 at 1:43 AM, Nikola Nikolov <nikolov.tmw at gmail.com>
wrote:

> Well, I believe that there's a reason why some cookies are httpOnly and not
> accessible via JavaScript(security comes to mind?).
>
> A way around this would be to add some other flag within your DOM or
> otherwise JS-accessible that the current visitor is a logged-in user. Not
> sure if it's WordPress that does that, but with Twenty Fourteen, the body
> gets a class of "logged-in" so you can easily check that. Alternatively you
> can either hook to 'wp_head' or 'wp_footer' and render your own <script>
> tag with a variable in it, or you can use wp_localize_script() to again
> pass something from PHP to JS.
>
> The browser shows you the cookies, because it's the browser and it has
> control of everything(plus it has to take those cookies to the server with
> every request, right?). The specifications don't allow JavaScript to access
> httpOnly cookies and I don't think anyone would build a browser that
> doesn't follow that specification.
>
> On Tue, 16 Feb 2016 at 06:24 Haluk Karamete <halukkaramete at gmail.com>
> wrote:
>
> > document.cookie does not report/contain the wordpress cookie starting
> with
> > the prefix "wordpress_logged_in_" followed by a hash.
> >
> > This is most likely, it is an httpOnly cookie.
> > But it surely shows up on the chrome->dev-console->resources->cookies
> >
> > Is there a JavaScript way to know whether that cookie is there or not?
> >
> > It would be there, it the user logged in, and if would not be there, if
> the
> > user logged out, or that cookie has expired.
> >
> > If document.cookie reported all the names of the cookie, this would not
> > have been an issue.
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

More information about the wp-hackers mailing list