I have a plugin, and I'm using add_action to hook into auth_cookie_valid to alter how login cookies are handled.

I want to create a filter inside the hook to allow users to control the logic a little.

I have this inside my auth_cookie_valid hook which has the default value false, then applies the filter:

    $allowDuplicateSessions = false;
    $allowDuplicateSessions = apply_filters('persistent_login_allow_duplicate_sessions', $allowDuplicateSessions);

and in functions.php I have this to make it true:

    function handle_persistent_login_allow_duplicate_sessions($allowDuplicateSessions) {
        $allowDuplicateSessions = true;
        return $allowDuplicateSessions;
    }
    add_filter('persistent_login_allow_duplicate_sessions', 'handle_persistent_login_allow_duplicate_sessions');

However, $allowDuplicateSessions always returns false.

I'm wondering if the filter in functions.php is running too late for the auth_cookie_valid hook? I haven't spotted anything in the documentation though.

I think this because I moved my apply_filters code to the wp_footer action hook and it returned true. So I'm starting to think that the issue is with auth_cookie_valid?

Function as requested below (I've removed a lot of irrelevant lines as it's quite a big function):

    // update auth cookie with new login time, expiry time & IP address
    function persistent_login_update_auth_cookie($cookieElements, $user) {
        if( $user ) :
            $persistent_login_roles = get_option( 'persistent_login_options_user_access' );
            if( $persistent_login_roles ) :
                if( array_intersect($user->roles, $persistent_login_roles) ) :
                    // update the cookie expiration time
                    $options = get_option('persistent_login_options_premium');
                    if( $options ) :
                        $expiration = $options['cookieTime'];
                    else :
                        $expiration = strtotime('1 year', 0); // 1 year default
                    endif;
                    // update the IP address and login time of the cookie
                    $sessionToken = $cookieElements['token'];
                    if ( function_exists( 'hash' ) ) :
                        $verifier = hash('sha256', $sessionToken);
                    else :
                        $verifier = sha1( $sessionToken);
                    endif;
                    $sessions = get_user_meta($user->ID, 'session_tokens', true);
                    $sessions[$verifier]['login'] = time();
                    $sessions[$verifier]['expiration'] = time()+$expiration;
                    $sessions[$verifier]['ip'] = $_SERVER["REMOTE_ADDR"];
                    // update the token with new data
                    $wp_session_token = WP_Session_Tokens::get_instance($user->ID);
                    $wp_session_token->update( $sessionToken, $sessions[$verifier]);
                    // apply filter for allowing duplicate sessions
                    $allowDuplicateSessions = false;
                    $allowDuplicateSessions = apply_filters('persistent_login_allow_duplicate_sessions', $allowDuplicateSessions);
                    // remove any exact matches to this session
                    foreach ($sessions as $key => $session) :
                        if( $key !== $verifier ) :
                            if( is_bool($allowDuplicateSessions) ) :
                                if( $allowDuplicateSessions === false ) :
                                    // if we're on the same user agent and same IP, we're probably on the same device
                                    // delete the duplicate session
                                    if(
                                        ($session['ip'] === $sessions[$verifier]['ip']) &&
                                        ($session['ua'] === $sessions[$verifier]['ua'])
                                    ) :
                                        $updateSession = new Persistent_Login_Manage_Sessions($user->ID);
                                        $updateSession->persistent_login_update_session($key);
                                    endif;
                                endif;
                            else :
                                return new WP_Error( 'broke', __( "Error, expected boolean value in persistent_login_allow_duplicate_sessions filter." ) );
                            endif; // end boolean check
                        endif; // if key is different to identifier
                    endforeach;
                    // set users local cookie again - checks if they should be remembered
                    $rememberUserCheck = get_user_meta($user->ID, 'persistent_login_remember_me', true);
                    if( $rememberUserCheck === 'true' ) :
                        // if the user should be remembered, reset the cookie so the cookie time is reset
                        wp_set_auth_cookie($user->ID, true, is_ssl(), $sessionToken);
                    else :
                        // if the user doesn't want to be remembered, don't re-set the cookie
                    endif;
                endif; // end if roles match the user roles
            endif; // endif persistent login roles
        endif; // endif user
    }
    add_action('auth_cookie_valid', 'persistent_login_update_auth_cookie', 10, 2);
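
One way to test the timing hypothesis raised in the question above, as an added diagnostic that is not part of the poster's plugin: each time auth_cookie_valid fires, it logs whether the theme's functions.php has been loaded yet, whether any callback is attached to the filter, and what called the cookie validation. The function name pl_debug_filter_timing is hypothetical, and the snippet is assumed to live in the plugin itself or in an mu-plugin so that it is registered before the hook can fire.

```php
<?php
// Added diagnostic example (hypothetical helper, not the plugin's own code).
// Priority 1 so it runs before persistent_login_update_auth_cookie (priority 10).
add_action( 'auth_cookie_valid', 'pl_debug_filter_timing', 1, 2 );

function pl_debug_filter_timing( $cookie_elements, $user ) {
    $hook = 'persistent_login_allow_duplicate_sessions';

    $state = array(
        // How many times each bootstrap action has already fired (0 = not yet).
        'plugins_loaded'    => did_action( 'plugins_loaded' ),
        // The active theme's functions.php is included just before this action.
        'theme_loaded'      => did_action( 'after_setup_theme' ),
        'init'              => did_action( 'init' ),
        // false when no callback is attached to the filter at this moment.
        'filter_registered' => has_filter( $hook ),
        // The value the plugin would receive if it applied the filter right now.
        'filter_result'     => apply_filters( $hook, false ),
        // Call chain that led to wp_validate_auth_cookie() on this request.
        'caller'            => wp_debug_backtrace_summary(),
        'user_id'           => $user ? $user->ID : 0,
    );

    error_log( 'auth_cookie_valid timing: ' . wp_json_encode( $state ) );
}
```

With WP_DEBUG and WP_DEBUG_LOG enabled the line is written to wp-content/debug.log. An entry showing theme_loaded as 0 and filter_registered as false means the cookie was validated before functions.php had a chance to call add_filter, and the caller field shows which code triggered that early validation.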