• Resolved botoxparty

    (@adamhammad)


    Hey,

    I am having problems using JWT Auth with my app as it needs cookies (for PHP sessions, cart management).

    WordPress is setting the ‘wordpress_logged_in’ cookie when I authenticate with JWT auth and this is conflicting with the token. E.g. if I ask WordPress which user is logged in it will return false. If I remove the cookie manually from my browser then it will return the logged in user through JWT.

    What's the best way to prevent this cookie from being set when using JWT auth to login?

Viewing 4 replies - 1 through 4 (of 4 total)
  • I have the same problem. In some cases I am calling my REST API from the WordPress Dashboard where the Cookie Header is automatically sent too and it seems to be conflicting with the JWT.

    I had to reimplement the following logic in my controller’s permissions check:

    
    if (class_exists('Jwt_Auth_Public')) {
        $jwt = new \Jwt_Auth_Public('jwt-auth', '1.1.0');
        $token = $jwt->validate_token(false);
        if (\is_wp_error($token)) {
            return false;
        }
    
        return user_can($token->data->user->id, 'edit_posts');
    } else {
        return current_user_can('edit_posts');
    }
    
    Thread Starter botoxparty

    (@adamhammad)

    What do you mean by your controller's permissions check?

    Is this part of WP Core, or part of this plugin?

    Sorry, I don’t have a deep knowledge of how WP authenticates requests. Which file did you edit?

    Thread Starter botoxparty

    (@adamhammad)

    Okay I worked it out, thanks Martin.

    In case anyone else is looking for this solution: I was previously using wp_get_current_user to check if I was logged in; I replaced this with the function above.

    Cheers

    Thread Starter botoxparty

    (@adamhammad)

    I would even recommend adding this to the plugin.

    e.g.

    function get_current_user_id() {
      if (class_exists('Jwt_Auth_Public')) {
          $jwt = new \Jwt_Auth_Public('jwt-auth', '1.1.0');
          $token = $jwt->validate_token(false);
          if (\is_wp_error($token)) {
              return false;
          }
    
          return $token->data->user->id;
      } else {
          return false;
      }
    }
  • The topic ‘Conflict with JWT and Cookies’ is closed to new replies.
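
An added example, not from the thread or the plugin: one way to place the check from the replies in a REST route's `permission_callback`, generalized so that requests without an `Authorization` header fall back to WordPress's own authentication while a request carrying an invalid token is denied outright. The `myapp/v1` namespace, the `/cart` route and the `myapp_*` function names are hypothetical.

```php
<?php
// Added example, not part of the thread or the plugin. The route namespace
// "myapp/v1", the route "/cart" and the myapp_* names are hypothetical.

/**
 * Resolve the caller's user ID from the JWT when an Authorization header is
 * present, otherwise from WordPress's normal (cookie) authentication.
 */
function myapp_resolve_user_id( WP_REST_Request $request ) {
    $has_token_header = (bool) $request->get_header( 'authorization' );

    if ( $has_token_header && class_exists( 'Jwt_Auth_Public' ) ) {
        // Same calls as in the replies above: with false passed in, the
        // result is either the decoded token or a WP_Error.
        $jwt   = new Jwt_Auth_Public( 'jwt-auth', '1.1.0' );
        $token = $jwt->validate_token( false );
        if ( is_wp_error( $token ) ) {
            return 0; // Bad token: deny, never fall back to the cookie.
        }
        return (int) $token->data->user->id;
    }

    // No token sent: rely on whatever user WordPress itself authenticated.
    return get_current_user_id();
}

function myapp_can_edit( WP_REST_Request $request ) {
    $user_id = myapp_resolve_user_id( $request );
    return $user_id > 0 && user_can( $user_id, 'edit_posts' );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'myapp/v1', '/cart', array(
        'methods'             => 'GET',
        'permission_callback' => 'myapp_can_edit',
        'callback'            => function ( WP_REST_Request $request ) {
            // Use the same resolved ID in the handler, so the capability
            // check and the handler agree on who the caller is.
            return rest_ensure_response( array(
                'user_id' => myapp_resolve_user_id( $request ),
            ) );
        },
    ) );
} );
```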