Title: wp_parse_auth_cookie Published: April 25, 2014 Last modified: February 24, 2026 --- # wp_parse_auth_cookie( string $cookie, string $scheme ): string[]|false ## In this article * [Parameters](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#source) * [Related](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#changelog) * [User Contributed Notes](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#user-contributed-notes) [ Back to top](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#wp--skip-link--target) Parses a cookie into its components. ## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#parameters)󠁿 `$cookie`stringrequired Authentication cookie. `$scheme`stringoptional The cookie scheme to use: `'auth'`, `'secure_auth'`, or `'logged_in'`. ## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#return)󠁿 string[]|false Authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value. If the cookie value is malformed, false is returned. * `username` string * User’s username. * `expiration` string * The time the cookie expires as a UNIX timestamp. * `token` string * User’s session token used. * `hmac` string * The security hash for the cookie. * `scheme` string * The cookie scheme to use. ## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#source)󠁿 ```php function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) { if ( empty( $cookie ) ) { switch ( $scheme ) { case 'auth': $cookie_name = AUTH_COOKIE; break; case 'secure_auth': $cookie_name = SECURE_AUTH_COOKIE; break; case 'logged_in': $cookie_name = LOGGED_IN_COOKIE; break; default: if ( is_ssl() ) { $cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; } else { $cookie_name = AUTH_COOKIE; $scheme = 'auth'; } } if ( empty( $_COOKIE[ $cookie_name ] ) ) { return false; } $cookie = $_COOKIE[ $cookie_name ]; } $cookie_elements = explode( '|', $cookie ); if ( count( $cookie_elements ) !== 4 ) { return false; } list( $username, $expiration, $token, $hmac ) = $cookie_elements; return compact( 'username', 'expiration', 'token', 'hmac', 'scheme' ); } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/pluggable.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/pluggable.php#L1009) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/pluggable.php#L1009-L1045) ## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#related)󠁿 | Uses | Description | | [is_ssl()](https://developer.wordpress.org/reference/functions/is_ssl/)`wp-includes/load.php` | Determines if SSL is used. | | Used by | Description | | [wp_get_session_token()](https://developer.wordpress.org/reference/functions/wp_get_session_token/)`wp-includes/user.php` | Retrieves the current session token from the logged_in cookie. | | [wp_validate_auth_cookie()](https://developer.wordpress.org/reference/functions/wp_validate_auth_cookie/)`wp-includes/pluggable.php` | Validates authentication cookie. | | [wp_update_user()](https://developer.wordpress.org/reference/functions/wp_update_user/)`wp-includes/user.php` | Updates a user in the database. | ## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#changelog)󠁿 | Version | Description | | [4.0.0](https://developer.wordpress.org/reference/since/4.0.0/) | The `$token` element was added to the return value. | | [2.7.0](https://developer.wordpress.org/reference/since/2.7.0/) | Introduced. | ## 󠀁[User Contributed Notes](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#user-contributed-notes)󠁿 1. [Skip to note 2 content](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/?output_format=md#comment-content-6302) 2. [vee](https://profiles.wordpress.org/okvee/) [ 3 years ago ](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/#comment-6302) 3. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_parse_auth_cookie%2F%23comment-6302) Vote results for this note: 0[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_parse_auth_cookie%2F%23comment-6302) 4. Please note that expiration is timestamp in UTC. You need to convert into your local time if you want to display it. 5. [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_parse_auth_cookie%2F%3Freplytocom%3D6302%23feedback-editor-6302) You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_parse_auth_cookie%2F) before being able to contribute a note or feedback.