WordPress Version: 6.1
/**
* Parses a cookie into its components.
*
* @since 2.7.0
* @since 4.0.0 The `$token` element was added to the return value.
*
* @param string $cookie Authentication cookie.
* @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
* @return string[]|false {
* Authentication cookie components. None of the components should be assumed
* to be valid as they come directly from a client-provided cookie value. If
* the cookie value is malformed, false is returned.
*
* @type string $username User's username.
* @type string $expiration The time the cookie expires as a UNIX timestamp.
* @type string $token User's session token used.
* @type string $hmac The security hash for the cookie.
* @type string $scheme The cookie scheme to use.
* }
*/
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
if (empty($cookie)) {
switch ($scheme) {
case 'auth':
$cookie_name = AUTH_COOKIE;
break;
case 'secure_auth':
$cookie_name = SECURE_AUTH_COOKIE;
break;
case 'logged_in':
$cookie_name = LOGGED_IN_COOKIE;
break;
default:
if (is_ssl()) {
$cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
}
if (empty($_COOKIE[$cookie_name])) {
return false;
}
$cookie = $_COOKIE[$cookie_name];
}
$cookie_elements = explode('|', $cookie);
if (count($cookie_elements) !== 4) {
return false;
}
list($username, $expiration, $token, $hmac) = $cookie_elements;
return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}