wp_generate_auth_cookie

The timeline below displays how wordpress function wp_generate_auth_cookie has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 5.3

/**
 * Generates authentication cookie contents.
 *
 * @since 2.5.0
 * @since 4.0.0 The `$token` parameter was added.
 *
 * @param int    $user_id    User ID.
 * @param int    $expiration The time the cookie expires as a UNIX timestamp.
 * @param string $scheme     Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
 *                           Default 'auth'.
 * @param string $token      User's session token to use for this cookie.
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth', $token = '')
{
    $user = get_userdata($user_id);
    if (!$user) {
        return '';
    }
    if (!$token) {
        $manager = WP_Session_Tokens::get_instance($user_id);
        $token = $manager->create($expiration);
    }
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
    $algo = function_exists('hash') ? 'sha256' : 'sha1';
    $hash = hash_hmac($algo, $user->user_login . '|' . $expiration . '|' . $token, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
    /**
     * Filters the authentication cookie.
     *
     * @since 2.5.0
     * @since 4.0.0 The `$token` parameter was added.
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration The time the cookie expires as a UNIX timestamp.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     * @param string $token      User's session token used.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme, $token);
}

WordPress Version: 4.9

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 * @since 4.0.0 The `$token` parameter was added.
 *
 * @param int    $user_id    User ID
 * @param int    $expiration The time the cookie expires as a UNIX timestamp.
 * @param string $scheme     Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @param string $token      User's session token to use for this cookie
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth', $token = '')
{
    $user = get_userdata($user_id);
    if (!$user) {
        return '';
    }
    if (!$token) {
        $manager = WP_Session_Tokens::get_instance($user_id);
        $token = $manager->create($expiration);
    }
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
    $algo = function_exists('hash') ? 'sha256' : 'sha1';
    $hash = hash_hmac($algo, $user->user_login . '|' . $expiration . '|' . $token, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
    /**
     * Filters the authentication cookie.
     *
     * @since 2.5.0
     * @since 4.0.0 The `$token` parameter was added.
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration The time the cookie expires as a UNIX timestamp.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     * @param string $token      User's session token used.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme, $token);
}

WordPress Version: 4.6

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int    $user_id    User ID
 * @param int    $expiration The time the cookie expires as a UNIX timestamp.
 * @param string $scheme     Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @param string $token      User's session token to use for this cookie
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth', $token = '')
{
    $user = get_userdata($user_id);
    if (!$user) {
        return '';
    }
    if (!$token) {
        $manager = WP_Session_Tokens::get_instance($user_id);
        $token = $manager->create($expiration);
    }
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
    $algo = function_exists('hash') ? 'sha256' : 'sha1';
    $hash = hash_hmac($algo, $user->user_login . '|' . $expiration . '|' . $token, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
    /**
     * Filters the authentication cookie.
     *
     * @since 2.5.0
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration The time the cookie expires as a UNIX timestamp.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     * @param string $token      User's session token used.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme, $token);
}

WordPress Version: 4.3

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int    $user_id    User ID
 * @param int    $expiration Cookie expiration in seconds
 * @param string $scheme     Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @param string $token      User's session token to use for this cookie
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth', $token = '')
{
    $user = get_userdata($user_id);
    if (!$user) {
        return '';
    }
    if (!$token) {
        $manager = WP_Session_Tokens::get_instance($user_id);
        $token = $manager->create($expiration);
    }
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
    $algo = function_exists('hash') ? 'sha256' : 'sha1';
    $hash = hash_hmac($algo, $user->user_login . '|' . $expiration . '|' . $token, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
    /**
     * Filter the authentication cookie.
     *
     * @since 2.5.0
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration Authentication cookie expiration in seconds.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     * @param string $token      User's session token used.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme, $token);
}

WordPress Version: 0.1

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @param string $token User's session token to use for this cookie
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth', $token = '')
{
    $user = get_userdata($user_id);
    if (!$user) {
        return '';
    }
    if (!$token) {
        $manager = WP_Session_Tokens::get_instance($user_id);
        $token = $manager->create($expiration);
    }
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
    // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
    $algo = function_exists('hash') ? 'sha256' : 'sha1';
    $hash = hash_hmac($algo, $user->user_login . '|' . $expiration . '|' . $token, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
    /**
     * Filter the authentication cookie.
     *
     * @since 2.5.0
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration Authentication cookie expiration in seconds.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     * @param string $token      User's session token used.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme, $token);
}

WordPress Version: 4.0

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @param string $token User's session token to use for this cookie
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth', $token = '')
{
    $user = get_userdata($user_id);
    if (!$user) {
        return '';
    }
    if (!$token) {
        $manager = WP_Session_Tokens::get_instance($user_id);
        $token = $manager->create($expiration);
    }
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
    $hash = hash_hmac('sha256', $user->user_login . '|' . $expiration . '|' . $token, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
    /**
     * Filter the authentication cookie.
     *
     * @since 2.5.0
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration Authentication cookie expiration in seconds.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     * @param string $token      User's session token used.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme, $token);
}

WordPress Version: 3.9

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return string Authentication cookie contents
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth')
{
    $user = get_userdata($user_id);
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
    $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
    /**
     * Filter the authentication cookie.
     *
     * @since 2.5.0
     *
     * @param string $cookie     Authentication cookie.
     * @param int    $user_id    User ID.
     * @param int    $expiration Authentication cookie expiration in seconds.
     * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
     */
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
}

WordPress Version: 3.7

/**
 * Generate authentication cookie contents.
 *
 * @since 2.5
 * @uses apply_filters() Calls 'auth_cookie' hook on $cookie contents, User ID
 *		and expiration of cookie.
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return string Authentication cookie contents
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth')
{
    $user = get_userdata($user_id);
    $pass_frag = substr($user->user_pass, 8, 4);
    $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
    $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
    $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
    return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
}