Overriding cookie expiry for directory authenticated users

to be honest, i completely forgot. Can you put your code into a github gist? or pastebin? i’ll try to incorporate it into the v1.9.0 version i want to release soon.

Great! I’ve uploaded my version of wpDirAuth.php here: https://gist.github.com/SeanDS/f4fcd57b2719bae9097d5941e8c58d72

All I did was add an additional boolean setting that allows the admin to stop the cookie expiry that the auth_cookie_expiration hook sends to wpDirAuth_cookieExpire from being overriden to 1 hour. I thought about adding an extra setting to allow the admin to set a custom expiry time, but that’s probably beyond the intended scope of this plugin.

I hope this is useful, and makes it into the next version! Cheers.

I dont like the idea of completely disabling the cookie expiration time. So, instead, I set up an area in the Admin Settings for wpDirAuth to set the expiration time (in hours).

Can you test out this version and let me know if it works for you?

https://gist.github.com/gilzow/febf6c36fd46dd24dba7b2bbbbd7c375

Thanks for looking into this – I’ll test it out tomorrow and let you know how I get on. However, you should know that my intention was not to disable the cookie expiry totally, but rather to avoid modifying what the WordPress default is. On my installation it defaults to 2 weeks, so by disabling the cookie override in the way I implemented it, it really just stops the default 2 week period from being overridden.

Understood. Many institutions that have AD and/or some type of Single Sign-On system in place, also have restrictions on the length of time a session for a centrally-authed account can be. I know for us, it’s 24 hours. I didn’t want it to be either 1 hour or completely disabled, and instead wanted to give more flexibility to meet as many needs as possible. With the way it’s implemented in the version I gave you, if you want, and your organization is ok with, a 2 week timeout, then you can implement it by setting the value to 336.

Since wpDirAuth implements the cookie expiration time by hooking the auth_cookie_expiration filter, if you really want to completely remove it, you can do so by removing the callback from the stack for this filter:

$intDirAuthPriority = has_filter('auth_cookie_expiration','wpDirAuth_cookieExpire');
if(is_int($intDirAuthPriority)){
    remove_filter('auth_cookie_expiration','wpDirAuth_cookieExpire',$intDirAuthPriority);
}

Place the above code in your theme’s function file, or you can place it in a custom plugin.

Hi Paul, I just tested your code and it works nicely. Thanks a lot! Your reasoning for wanting to keep the cookie expiry setting is sound and makes sense. We don’t have a policy on session times and nothing on the site is particularly sensitive, so I’ll just set the expiry to a large number of hours.

Do you have an ETA on the next version that will include this capability? Thanks again!

today is my goal. if not today, then on monday.

6 days late, but version 1.9.3 is now out.

Great – thanks a lot for doing this!