Strange cookie behaviour

  • Hi John, I have been using your plugin successfully for months now, and have managed to customise it exactly as I need it.
    Some users (belonging to a custom user group I created for this feature) complain of this behaviour when they close the browser (without logging out):

    • if logged in as the main user, before switching to any user, closing/reopening the browser, all OK.
    • if logged in, they switch to any user, closing/reopening the browser, they have to log in again
    • if logged in, switch user, then do “back to user”, close/reopen browser, have to log in again

    This happens with Chrome, with FF, and with Android mobile. The strange thing, is that I couldn’t simulate this malfunction, personally from all my devices it works, i.e. I stay logged in with the last selected user.

    Do you have any idea where the problem may lie?
    As a plugin that can interfere I use Wordfence Login, but 2FA is disabled on that user group.

    Thank you very much in advance!

    Translated with DeepL.com (free version)

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author John Blackbourn

    (@johnbillion)

    WordPress Core Developer

    When User Switching sets its cookie, it has to make a decision whether it should be a session cookie or a persistent one. It does this based on whether the original user checked the “Remember me” checkbox when they logged in. In order to determine this it checks the expiration time of their authentication cookie. If it expires more than 48 hours in the future then they must have checked “Remember me”. This is the method that performs that logic.

    If this isn’t working properly then the cookie that gets set when they switch to another user will be a session cookie instead of a persistent one, and it’ll get deleted when the user closes their browser.

    Could it be that your customisation is affecting this logic?

    Thread Starter sergio79

    (@sergio79)

    Hi John,

    actually in a custom function of mine I had tried to extend the cookie expiration:

    add_filter(‘auth_cookie_expiration’, ‘extend_cookie_expiration’, 10, 3);
    function extend_cookie_expiration($length, $user_id, $remember) {
    return 60 * 60 * 168;
    }

    Commented out this function, now everything seems to work correctly. Does this make sense?

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.