Title: auth_cookie_bad_session_token
Published: September 4, 2014
Last modified: May 20, 2026

---

# do_action( ‘auth_cookie_bad_session_token’, string[] $cookie_elements )

## In this article

 * [Parameters](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#parameters)
 * [Source](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#source)
 * [Related](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#changelog)

[ Back to top](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#wp--skip-link--target)

Fires if a bad session token is encountered.

## 󠀁[Parameters](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#parameters)󠁿

 `$cookie_elements`string[]

Authentication cookie components. None of the components should be assumed to be
valid as they come directly from a client-provided cookie value.

 * `username` string
 * User’s username.
 * `expiration` string
 * The time the cookie expires as a UNIX timestamp.
 * `token` string
 * User’s session token used.
 * `hmac` string
 * The security hash for the cookie.
 * `scheme` string
 * The cookie scheme to use.

## 󠀁[Source](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#source)󠁿

    ```php
    do_action( 'auth_cookie_bad_session_token', $cookie_elements );
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/pluggable.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/pluggable.php#L906)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/pluggable.php#L906-L906)

## 󠀁[Related](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#related)󠁿

| Used by | Description | 
| [wp_validate_auth_cookie()](https://developer.wordpress.org/reference/functions/wp_validate_auth_cookie/)`wp-includes/pluggable.php` |

Validates authentication cookie.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/hooks/auth_cookie_bad_session_token/?output_format=md#changelog)󠁿

| Version | Description | 
| [4.0.0](https://developer.wordpress.org/reference/since/4.0.0/) | Introduced. |

## User Contributed Notes

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fhooks%2Fauth_cookie_bad_session_token%2F)
before being able to contribute a note or feedback.