• Function wp_logout documentation says
    “Log the current user out, by destroying the current user session.”

    but the $_SESSION variables seem to be already destroyed. Is there somewhere in the logout process where I can still access them?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator bcworkz

    (@bcworkz)

    wp_logout() destroys WP auth cookies in order to “destroy the current user session.” It doesn’t have anything to do with $_SESSION one way or the other.

    The only place WP addresses $_SESSION at all is in wp_unregister_GLOBALS(), which does destroy it, though I’ve no idea when it’s called. I do know it’s not called from the logout link or wp_logout().

    Not an answer, but maybe it helps some.

    Thread Starter cbonwp

    (@cbonwp)

    Hi bcworkz, thanks for the info

    I only need the ID of the logging-out user so I tried calling wp_validate_auth_cookie but that fails too.

    I’ve patched into the 1st line of function wp_logout before the wp_clear_auth_cookie! Code is

    $user_id = wp_validate_auth_cookie();
    if ( $user_id ) {
        // valid user id returned
    }

    doesn’t look wrong or is it?
    thanks, clive

    Moderator bcworkz

    (@bcworkz)

    Seems like it should work, but it is wrong in the sense of you should not be modifying core functions in the first place. Forgetting that for the moment, have you tried get_current_user_id()? It tries to determine the user from several resources besides the auth cookies.

    I suspect it still will fail. I’m not sure, but it appears by the time wp_logout() is called, WP has given up keeping track of the actual user. Its task at this point is to destroy the cookies on the connected browser. It no longer cares who the browser belongs to, it simply times out whatever cookies are there.

    What’s so important about the user ID if they’re in the process of logging out? There may be a proper hook to use if the logout URL is used, but not if wp_logout() is called directly.

    You shouldn’t hack the core code… Any changes will be over-written on the next update and you’ll lose your modifications!

    What you should do is hook into the ‘wp_logout’ action as a first priority, and that should let you get the ID before the system performs the log out. That will let you get the ID before the system actually logs out the user. Something like…

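    // Callback for the 'wp_logout' action: read the user ID at logout time.
    function before_logout () {
        $id = get_current_user_id ();
    }

    // Priority 1 so the callback runs before other 'wp_logout' callbacks.
    add_action ('wp_logout', 'before_logout', 1);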

    Note: The above hasn’t been tested, but that’s where I’d at least start as it’s the most friendly, and future-friendly, way of doing it.

    Thread Starter cbonwp

    (@cbonwp)

    hi both, thanks for the replies

    yes, add_action’s cleaner. I’ve tried it with priority 1 but the get_current_user_id call returns 0. Also re-checked using wp_validate_auth_cookie and it returned 0.

    puzzled, clive

    Moderator bcworkz

    (@bcworkz)

    Once the user clicks the logout link, it’s too late to get the user ID. You need to get it before then via some action hook, and stash it somewhere, perhaps your own cookie? Then on ‘wp_logout’ or similar you can grab that ID and do what you will with it.
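The capture-then-use approach suggested above, as an added example that is not part of the original thread or of WordPress core. It keeps the ID in request memory rather than in a cookie, because a cookie value is client-writable. The `myplugin_` names and the meta key are hypothetical. It assumes the current user is still set when the core `clear_auth_cookie` action fires, and that WordPress 5.5 or later passes the user ID as the argument of the `wp_logout` action.

```php
<?php
// Added example: hypothetical plugin code, not from the thread or from core.

// Request-scoped stash for the ID of the user who is logging out.
function myplugin_logout_user_id( $set = null ) {
    static $id = 0;
    if ( null !== $set ) {
        $id = (int) $set;
    }
    return $id;
}

// 'clear_auth_cookie' fires inside wp_clear_auth_cookie(), before the auth
// cookies are expired. Record the user ID while it can still be resolved.
add_action( 'clear_auth_cookie', function () {
    $current = get_current_user_id();
    if ( $current ) {
        myplugin_logout_user_id( $current );
    }
}, 1 );

// WordPress 5.5+ passes the user ID to 'wp_logout'. On older versions the
// argument is empty, so fall back to the ID stashed earlier in this request.
add_action( 'wp_logout', function ( $user_id = 0 ) {
    $user_id = (int) $user_id ?: myplugin_logout_user_id();
    if ( ! $user_id ) {
        return; // No identifiable user: nothing to clean up or record.
    }

    // Final housekeeping for this user (hypothetical meta key).
    delete_user_meta( $user_id, 'myplugin_scratch' );

    // Audit trail entry: who logged out and from where.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';
    error_log( sprintf( 'logout: user_id=%d ip=%s', $user_id, $ip ) );
}, 1, 1 );
```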

    Thread Starter cbonwp

    (@cbonwp)

    sorry – bit late replying

    I’ve decided to bypass the problem for the moment.
    Yes, maybe use a cookie.

    Anyway, it’s a pity the user context has been lost. Surely that should happen in wp_logout not before and it could be possible to hook into the add_action chain to run prior to wp_logout execution to allow final housekeeping.

    Also, I notice that after logging out but not closing the browser window if a user re-visits the website they are welcomed as logged in! Not bothered by this, just amazed.

    cheers, clive

  • The topic ‘$_SESSION access on logout’ is closed to new replies.