Is there any way to duplicate an user’s session.
-
I’m trying to duplicate an user’s session. My goal here is to create a “login with one link” functionality. Unfortunately, I have no idea how to start on a good path. My one and only requirement is that the user I want to access the site of clicks one button and he can generate a (could be PGP encrypted) string that he can send to me that I can then use to login.
I understand that, every time an user logs in, a session is created, clearly seen in the
wp_usermetatable undersession_tokens.Here’s the thing. Assuming I use
wp_get_session_tokento see what the current (me) user’s token is, then later on do, inside an incognito window:wp_set_auth_cookie( 1, True,'', 'I4p6ETaYdgvVkL2jIyP70XIyorOM4znXnT9BM2TCejV' )to basically steal the session…that’s…all…I did. I stole the session. The other user’s session has now been invalidated and he has to re-login and if he does, he kicks me out, further invalidating my session.
How can I, by code, login from another spot and not force the other user out?
Any ideas?
Things I’ve tried:
1) I’m getting somewhat mixed results with running that one line at certain hooks. I wonder if WP needs to setup something first.
-
Here are the steps you can follow:
1. Add unique md5 value in user meta
2. Create a link https://example.com/?login_hash=MD5_VALUE
3. Share the above login link to user
4. Add code in functions.php to identify the $user_id using the “login_hash” from query string
5. Pass the user id in this function wp_set_auth_cookie($user_id); to login
- The topic ‘Is there any way to duplicate an user’s session.’ is closed to new replies.