wp_clear_auth_cookie()
云策文档标注
概述
wp_clear_auth_cookie() 函数用于移除所有与认证相关的 Cookie,实现用户登出功能。该函数可通过插件重定义,并触发相关 Hook 以控制行为。
关键要点
- 移除认证 Cookie:包括 AUTH_COOKIE、SECURE_AUTH_COOKIE、LOGGED_IN_COOKIE 等,通过设置过期时间为过去来清除。
- 插件可重定义:如果插件未重定义此函数,则使用默认实现。
- 触发 Hook:执行前触发 'clear_auth_cookie' action,并通过 'send_auth_cookies' filter 控制是否发送 Cookie。
- 清除多种 Cookie:包括认证、设置、旧版和文章密码 Cookie,覆盖不同路径如 ADMIN_COOKIE_PATH、PLUGINS_COOKIE_PATH 等。
代码示例
function wp_clear_auth_cookie() {
do_action( 'clear_auth_cookie' );
if ( ! apply_filters( 'send_auth_cookies', true, 0, 0, 0, '', '' ) ) {
return;
}
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
// 更多 setcookie 调用...
}注意事项
- 函数自 WordPress 2.5.0 引入,用于 wp_logout() 和 wp_update_user() 等场景。
- 使用 Hook 时需注意参数顺序和默认值,以确保兼容性。
原文内容
Removes all of the cookies associated with authentication.
Source
function wp_clear_auth_cookie() {
/**
* Fires just before the authentication cookies are cleared.
*
* @since 2.7.0
*/
do_action( 'clear_auth_cookie' );
/** This filter is documented in wp-includes/pluggable.php */
if ( ! apply_filters( 'send_auth_cookies', true, 0, 0, 0, '', '' ) ) {
return;
}
// Auth cookies.
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
// Settings cookies.
setcookie( 'wp-settings-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
// Old cookies.
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
// Even older cookies.
setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
// Post password cookie.
setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
}
Hooks
- do_action( ‘clear_auth_cookie’ )
-
Fires just before the authentication cookies are cleared.
- apply_filters( ‘send_auth_cookies’, bool $send, int $expire, int $expiration, int $user_id, string $scheme, string $token )
-
Allows preventing auth cookies from actually being sent to the client.
Changelog
| Version | Description |
|---|---|
| 2.5.0 | Introduced. |