security - WordPress Logout Only If User Click Logout or If User Delete Browser History

These are the main requirements of my project.

After a user logs in, logout should happen only if the user clicks the logout button or deletes the browser history.

Closing the browser, restarting the machine, or changing IP address should NOT log out the user.

Is this possible with WordPress? Is there any filter, action hook?

Asked Nov 28, 2017 at 4:43 by I am the Most Stupid Person

3 Answers

You can use the auth_cookie_expiration filter to change the expiration time of the cookie WordPress sets to remember you. The user won't be logged out unless they change browser or clear their cookies (normally part of clearing history).

The problem is that you can't set a cookie to never expire, so you have to set a date in the far future. The furthest you can go is 19th January 2038, because of the Year 2038 problem.

The value of the auth_cookie_expiration filter is added to time() so if you want to set the longest possible time for the cookie, you need to get the maximum value (2147483647 according to this) and subtract time():

function wpse_287104_cookie_expiration( $length ) {
    // Seconds remaining until the largest 32-bit timestamp; WordPress adds time() to this.
    return 2147483647 - time();
}
add_filter( 'auth_cookie_expiration', 'wpse_287104_cookie_expiration' );

I used this code in WordPress functions.php to automatically log out the customer/user after payment in WooCommerce or when the browser is closed

function logged_in( $expirein ) {
   return 6; // 6 in seconds
}
add_filter( 'auth_cookie_expiration', 'logged_in' );

function wp_logout2() {
    wp_destroy_current_session();
    wp_clear_auth_cookie();

    /**
     * Fires after a user is logged-out.
     *
     * @since 1.5.0
     */
    do_action( 'wp_logout2' );
}

function wpse108399_change_cookie_logout( $expiration, $user_id, $remember ){
    if( $remember && user_can( $user_id, 'administrator' ) ){
        $expiration = 604800; // 604800 seconds = 7 days
    }
    if( $remember && user_can( $user_id, 'editor' ) ){
        $expiration = 604800; // 604800 seconds = 7 days
    }
    return $expiration;
}
add_filter( 'auth_cookie_expiration', 'wpse108399_change_cookie_logout', 10, 3 );

/**
 * Bypass logout confirmation.
 */
function iconic_bypass_logout_confirmation() {
    global $wp;

    if ( isset( $wp->query_vars['customer-logout'] ) ) {
        // wp_logout_url() returns an HTML-escaped URL; decode &amp; before redirecting.
        wp_redirect( str_replace( '&amp;', '&', wp_logout_url( wc_get_page_permalink( 'myaccount' ) ) ) );
        exit;
    }
}

add_action( 'template_redirect', 'iconic_bypass_logout_confirmation' );

Part of this code is for increasing the expiration time for WordPress administrators or other kinds of users:

function wpse108399_change_cookie_logout( $expiration, $user_id, $remember ){
    if( $remember && user_can( $user_id, 'administrator' ) ){
        $expiration = 604800; // 604800 seconds = 7 days
    }
    if( $remember && user_can( $user_id, 'editor' ) ){
        $expiration = 604800; // 604800 seconds = 7 days
    }
    return $expiration;
}
add_filter( 'auth_cookie_expiration', 'wpse108399_change_cookie_logout', 10, 3 );

You can try setting cookies when a user logs in using wp_set_auth_cookie.

Something like :

add_action( 'wp_login', function($login, $user){
    wp_set_auth_cookie($user->ID, TRUE);
}, 10, 2 );

Note: Code is not tested or tried. Please check for errors.
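
An added example, not code from any of the answers above: an auth_cookie_expiration callback that combines the far-future expiry from the first answer with per-role limits like those in the second. The function name, the manage_options check and the 30-day cap are assumptions chosen for illustration.

```php
<?php
// Added example (not from the original answers). Assumed to live in a theme's
// functions.php or a small plugin; names and the 30-day cap are hypothetical.

/**
 * Keep "Remember Me" logins alive as long as a 32-bit timestamp allows,
 * but cap accounts that can change site settings.
 *
 * @param int  $length   Default lifetime in seconds (WordPress adds time() to it).
 * @param int  $user_id  User being logged in.
 * @param bool $remember Whether "Remember Me" was requested.
 * @return int Lifetime in seconds.
 */
function example_persistent_login_expiration( $length, $user_id, $remember ) {
    // Without "Remember Me", WordPress sends a session cookie (expire = 0),
    // which the browser may drop on close whatever value is returned here.
    if ( ! $remember ) {
        return $length;
    }

    // Privileged accounts: a copied cookie stays usable until it expires or
    // the user logs out, so keep their lifetime bounded.
    if ( user_can( $user_id, 'manage_options' ) ) {
        return 30 * DAY_IN_SECONDS;
    }

    // wp_set_auth_cookie() adds this value to time() and then adds a further
    // 12-hour grace period to the browser cookie, so leave one day of headroom
    // below 2147483647 (19 January 2038) to avoid overflowing a 32-bit integer.
    $max = 2147483647 - time() - DAY_IN_SECONDS;

    // Once the headroom is smaller than the default, fall back to the default.
    return max( $length, $max );
}
add_filter( 'auth_cookie_expiration', 'example_persistent_login_expiration', 10, 3 );
```

The long lifetime only takes effect for logins made with "Remember Me" set, which is what the wp_set_auth_cookie( $user->ID, TRUE ) call in the last answer forces.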
