Align membership login cookies with WordPress logged in cookie
-
There is an issue with the simple membership cookie and WordPress logged in cookie expiring at different times.
For example if the “remember me” option isn’t selected in the login portal, the WordPress logged in cookies expire after the browser is closed but the simple membership cookies would stay active for another 2 days.
This causes WP logged in code (such as when using is_user_logged_in) to show the user as logged out of WordPress but in fact the user will be logged into the membership side still. An example case would be to show a logged in button in the WP menu. The expired WP logged in cookie would cause the link to show a “Login” button despite the simple membership cookie saying they are still logged in.
I’ve used the below code to get around this by expiring the simple membership cookies if the user isn’t logged into WP. It’s a little messy but stops the issue above and better aligns the cookies.
// Remove membership cookies if not logged into WordPress add_action('after_setup_theme','remove_membership_cookies'); function remove_membership_cookies(){ if ( !is_user_logged_in() && isset($_COOKIE['simple_wp_membership_sec_' . COOKIEHASH ]) || !is_user_logged_in() && isset($_COOKIE['swpm_session']) ) { unset($_COOKIE['simple_wp_membership_sec_' . COOKIEHASH ]); setcookie('simple_wp_membership_sec_' . COOKIEHASH, null, -1); unset($_COOKIE['swpm_session']); setcookie('swpm_session', null, -1); } }
I also noticed the simple membership plugin hardcodes the cookie times below to maybe try to match the default WordPress cookie expiry times. There is a auth_cookie_expiration filter to change this default so potentially these times could be different on different sites.
if ( $remember ) { $expiration = time() + 1209600; //14 days $expire = $expiration + 43200; //12 hours grace period } else { $expiration = time() + 259200; //3 days. $expire = $expiration; //The minimum cookie expiration should be at least a few days. }
Ideally the simple membership cookie would expire when a user is logged out of WordPress or a cleaner solution would be to use the WordPress logged in cookie/functionality instead of separate cookies.
- The topic ‘Align membership login cookies with WordPress logged in cookie’ is closed to new replies.