Title: WP_Session_Tokens::create Published: September 4, 2014 Last modified: April 28, 2025 --- # WP_Session_Tokens::create( int $expiration ): string ## In this article * [Description](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#description) * [Parameters](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#source) * [Hooks](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#hooks) * [Related](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#wp--skip-link--target) Generates a session token and attaches session information to it. ## 󠀁[Description](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#description)󠁿 A session token is a long, random string. It is used in a cookie to link that cookie to an expiration time and to ensure the cookie becomes invalidated when the user logs out. This function generates a token and stores it with the associated expiration time( and potentially other session information via the [‘attach_session_information’](https://developer.wordpress.org/reference/hooks/attach_session_information/) filter). ## 󠀁[Parameters](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#parameters)󠁿 `$expiration`intrequired Session expiration timestamp. ## 󠀁[Return](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#return)󠁿 string Session token. ## 󠀁[Source](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#source)󠁿 ```php final public function create( $expiration ) { /** * Filters the information attached to the newly created session. * * Can be used to attach further information to a session. * * @since 4.0.0 * * @param array $session Array of extra data. * @param int $user_id User ID. */ $session = apply_filters( 'attach_session_information', array(), $this->user_id ); $session['expiration'] = $expiration; // IP address. if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { $session['ip'] = $_SERVER['REMOTE_ADDR']; } // User-agent. if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] ); } // Timestamp. $session['login'] = time(); $token = wp_generate_password( 43, false, false ); $this->update( $token, $session ); return $token; } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/class-wp-session-tokens.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/class-wp-session-tokens.php#L118) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/class-wp-session-tokens.php#L118-L150) ## 󠀁[Hooks](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#hooks)󠁿 [apply_filters( ‘attach_session_information’, array $session, int $user_id )](https://developer.wordpress.org/reference/hooks/attach_session_information/) Filters the information attached to the newly created session. ## 󠀁[Related](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#related)󠁿 | Uses | Description | | [WP_Session_Tokens::update()](https://developer.wordpress.org/reference/classes/wp_session_tokens/update/)`wp-includes/class-wp-session-tokens.php` | Updates the data for the session with the given token. | | [wp_generate_password()](https://developer.wordpress.org/reference/functions/wp_generate_password/)`wp-includes/pluggable.php` | Generates a random password drawn from the defined set of characters. | | [wp_unslash()](https://developer.wordpress.org/reference/functions/wp_unslash/)`wp-includes/formatting.php` | Removes slashes from a string or recursively removes slashes from strings within an array. | | [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` | Calls the callback functions that have been added to a filter hook. | [Show 2 more](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#) [Show less](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#) ## 󠀁[Changelog](https://developer.wordpress.org/reference/classes/wp_session_tokens/create/?output_format=md#changelog)󠁿 | Version | Description | | [4.0.0](https://developer.wordpress.org/reference/since/4.0.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_session_tokens%2Fcreate%2F) before being able to contribute a note or feedback.