[wp-trac] [WordPress Trac] #63230: Correct expiration time documentation for `wp_set_auth_cookie()`
WordPress Trac
noreply at wordpress.org
Fri Apr 4 15:48:00 UTC 2025
#63230: Correct expiration time documentation for `wp_set_auth_cookie()`
------------------------------------+---------------------
Reporter: peterwilsoncc | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.9
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-docs | Focuses: docs
------------------------------------+---------------------
Comment (by siliconforks):
Replying to [comment:5 zodiac1978]:
> Looking at this code it reads the cookie via `wp_parse_auth_cookie` and
then it casts it to integer:
>
> {{{
> $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme );
> // ...
> $expiration = $cookie_elements['expiration'];
> // ...
> $expired = (int) $expiration;
> }}}
>
> For a session cookie this means the value is 0.
>
> What do you mean with server side?
I mean that the expiration time is used in a couple of different places:
1. It is used as the expiration time for the browser cookie.
2. It is also stored in the cookie itself (as a Unix timestamp - seconds
since 1970) and validated by the server. That's what I mean by "server-
side".
If "remember me" is not checked, then (1) above does not apply (because it
will be a session cookie). However (2) still applies here.
The value of `$expired` in `wp_parse_auth_cookie` should never be 0
because it is using the value stored in the cookie itself rather than the
cookie's expiration time.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63230#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list