WP_Session_Tokens::create( int $expiration ): string

Generates a session token and attaches session information to it.


Description

A session token is a long, random string. It is used in a cookie to link that cookie to an expiration time and to ensure the cookie becomes invalidated when the user logs out.

This function generates a token and stores it with the associated expiration time (and potentially other session information via the ‘attach_session_information’ filter).


Top ↑

Parameters

$expiration int Required
Session expiration timestamp.

Top ↑

Return

string Session token.


Top ↑

Source

File: wp-includes/class-wp-session-tokens.php. View all references

final public function create( $expiration ) {
	/**
	 * Filters the information attached to the newly created session.
	 *
	 * Can be used to attach further information to a session.
	 *
	 * @since 4.0.0
	 *
	 * @param array $session Array of extra data.
	 * @param int   $user_id User ID.
	 */
	$session               = apply_filters( 'attach_session_information', array(), $this->user_id );
	$session['expiration'] = $expiration;

	// IP address.
	if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
		$session['ip'] = $_SERVER['REMOTE_ADDR'];
	}

	// User-agent.
	if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
		$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
	}

	// Timestamp.
	$session['login'] = time();

	$token = wp_generate_password( 43, false, false );

	$this->update( $token, $session );

	return $token;
}

Top ↑

Hooks



Top ↑

Changelog

Changelog
Version Description
4.0.0 Introduced.

Top ↑

User Contributed Notes

You must log in before being able to contribute a note or feedback.