Introduce a `$token` argument to `wp_set_auth_cookie()` so session tokens can be reused by custom authentication implementations.

Props rmccue Fixes 30247 git-svn-id: https://develop.svn.wordpress.org/trunk@32465 602fd350-edb4-49c9-b593-d223f7449a82
2015-05-09 00:27:11 +00:00 · 2015-05-09 00:27:11 +00:00 · 1b76bd6246
parent 8303e8f314
commit 1b76bd6246
1 changed files with 7 additions and 3 deletions
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@ -822,13 +822,15 @@ if ( !function_exists('wp_set_auth_cookie') ) :
 * set, the cookies will be kept for 14 days or two weeks.
 *
 * @since 2.5.0
+ * @since 4.3.0 Added the `$token` parameter.
 *
 * @param int $user_id User ID
 * @param bool $remember Whether to remember the user
 * @param mixed $secure  Whether the admin cookies should only be sent over HTTPS.
 *                       Default is_ssl().
+ * @param string $token  Optional. User's session token to use for this cookie.
 */
-function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
+function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
 	if ( $remember ) {
 		/**
 		 * Filter the duration of the authentication cookie expiration period.
@ -888,8 +890,10 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 		$scheme = 'auth';
 	}

-	$manager = WP_Session_Tokens::get_instance( $user_id );
-	$token = $manager->create( $expiration );
+	if ( '' === $token ) {
+		$manager = WP_Session_Tokens::get_instance( $user_id );
+		$token   = $manager->create( $expiration );
+	}

 	$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
 	$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );