Authenticate Filter

  • Resolved farnely

    (@farnely)


    2 years, 2 months ago

    I have two websites: one is a multi-site install, the other isn’t. On both installs, I have used the ‘authenticate’ filter to require admin users to provide an additional piece of information (via a custom form) during the login process. When this form is submitted, a custom code snippet validates the input. If successful, the wordpress function wp_set_auth_cookie runs (passing the User’s ID as a parameter) and then re-directs to wp-admin.

    On both sites, admin users are logged in successfully. On the single site install, admin users can log out successfully from wp-admin but on the multi-site, the “are you sure you want to log out” message appears.

    After many hours of checking and testing, I’ve been able to ascertain that the “logged in cookie” isn’t being set on the multi-site which is why the log out checks fail.

    Do I need to do something different or in addition to wp_set_auth_cookie on the multi-site?

    Many thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz

    (@bcworkz)

    You shouldn’t set an auth cookie from an “authenticate” callback. Just verify the user’s credentials, then return either a WP_User or WP_Error object. If you return a WP_User object, WP will set the auth cookie for you.

    I’m not sure, but I suspect you prematurely setting the auth cookie is confusing the log out process.

    Thread Starter farnely

    (@farnely)

    The authenticate callback only checks the user’s role/capabilities (it’s not where the auth cookie is set). If the user is an administrator, they are redirected to the custom form which is processed using admin-post.php and runs a custom function and this is where the auth cookie is set using wp_set_auth_cookie.

    Moderator bcworkz

    (@bcworkz)

    It’d be better to process everything in “authenticate” and not do any redirects. When you redirect, the proper login process isn’t completed. You can do whatever extra processing in the authenticate callback. Just return the correct object in the end.

    If you really want to do your own login process, besides setting the auth cookie, also wp_set_current_user(). By redirecting, there is somehow a cookie path mismatch on multisite. Apparently which network site the user is logging into is getting lost or confused. Verify that the redirect path relates to the correct network site.

    Thread Starter farnely

    (@farnely)

    OK thank you; I’ll reconsider my approach.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Authenticate Filter’ is closed to new replies.

Tags