Filter Since 1.5.4 uncanny-learndash-toolkit

user_switching_send_auth_cookies

Filters whether authentication cookies are sent to the client during user switching, which allows preventing them from actually being sent.

add_filter( 'user_switching_send_auth_cookies', $callback, 10, 1 );

Description

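This filter allows developers to programmatically prevent the user-switching authentication cookies from being sent to the client. In the source excerpt on this page it is evaluated with a default of `true` immediately before the two `setcookie()` calls; when a callback returns `false`, the function returns without sending either cookie. The `set_user_switching_cookie` and `set_olduser_cookie` actions have already fired by that point, so callbacks hooked to them still run and still receive the cookie values. The filter passes only the boolean `$send` and nothing about the users involved, so a callback must derive any context it needs itself.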


Usage

add_filter( 'user_switching_send_auth_cookies', 'your_function_name', 10, 1 );

Parameters

$send (bool)
Whether to send auth cookies to the client.

Return Value

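The filtered boolean. Return `false` to skip sending the cookies, or return `$send` unchanged to keep the existing behavior.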


Examples

/**
 * Prevent sending authentication cookies when a specific user ID is the current user.
 *
 * This filter can be used to conditionally prevent the authentication cookies
 * from being sent to the client. For example, you might want to disable
 * cookie sending if a specific administrative user is performing the switch,
 * or if the switch is happening in a context where cookies are not desired.
 *
 * @param bool $send Whether to send auth cookies to the client.
 * @return bool     Modified boolean indicating whether to send auth cookies.
 */
add_filter( 'user_switching_send_auth_cookies', function( $send ) {
    // Get the current user ID.
    $current_user_id = get_current_user_id();

    // Define a specific user ID (e.g., a super administrator) for whom we
    // want to prevent sending auth cookies.
    $prevent_cookie_user_id = 1; // Replace with the actual user ID if needed.

    // Check if the current user is the one for whom we want to prevent cookies.
    if ( $current_user_id === $prevent_cookie_user_id ) {
        // If it's the specified user, set $send to false to prevent cookies.
        return false;
    }

    // Otherwise, return the original value of $send.
    return $send;
}, 10, 1 );
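
A further example, added here and not taken from the plugin: it suppresses the cookies only when no browser can receive them, and audits each switch through the `set_olduser_cookie` action, which the source excerpt on this page fires before the filter is evaluated. The `myplugin_*` function names are hypothetical.

```php
// Added example; the myplugin_* names are hypothetical.

/**
 * Skip the setcookie() calls when no browser can receive the cookies.
 * The filter passes only $send, so the context is derived here.
 *
 * @param bool $send Whether to send auth cookies to the client.
 * @return bool
 */
function myplugin_skip_switch_cookies( $send ) {
    if ( ! $send ) {
        return false; // Keep an earlier callback's decision to suppress.
    }
    if ( ( defined( 'WP_CLI' ) && WP_CLI ) || wp_doing_cron() || headers_sent() ) {
        return false;
    }
    return $send;
}
add_filter( 'user_switching_send_auth_cookies', 'myplugin_skip_switch_cookies', 10, 1 );

/**
 * Audit each switch. This action fires before the filter is evaluated, so it
 * runs even when the cookies are suppressed. $olduser_cookie is a credential
 * and is deliberately left out of the log line.
 */
function myplugin_audit_switch( $olduser_cookie, $expiration, $old_user_id, $scheme, $token ) {
    // Re-evaluates the same filter with the same default the plugin uses.
    $will_send = (bool) apply_filters( 'user_switching_send_auth_cookies', true );

    error_log( sprintf(
        'user-switching: old-user cookie prepared for user %d, expires %s, sent to client: %s',
        (int) $old_user_id,
        gmdate( 'c', (int) $expiration ),
        $will_send ? 'yes' : 'no'
    ) );
}
add_action( 'set_olduser_cookie', 'myplugin_audit_switch', 10, 5 );
```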

Placement

Place this code in the functions.php file of your active theme, in a custom plugin, or in a code snippets plugin.


Source Code

src/includes/user-switching.php:1371
src/includes/user-switching.php:1401

function user_switching_set_olduser_cookie( $old_user_id, $pop = false, $token = '' ) {
		$secure_auth_cookie    = user_switching::secure_auth_cookie();
		$secure_olduser_cookie = user_switching::secure_olduser_cookie();
		$expiration            = time() + 172800; // 48 hours
		$auth_cookie           = user_switching_get_auth_cookie();
		$olduser_cookie        = wp_generate_auth_cookie( $old_user_id, $expiration, 'logged_in', $token );

		if ( $secure_auth_cookie ) {
			$auth_cookie_name = USER_SWITCHING_SECURE_COOKIE;
			$scheme           = 'secure_auth';
		} else {
			$auth_cookie_name = USER_SWITCHING_COOKIE;
			$scheme           = 'auth';
		}

		if ( $pop ) {
			array_pop( $auth_cookie );
		} else {
			array_push( $auth_cookie, wp_generate_auth_cookie( $old_user_id, $expiration, $scheme, $token ) );
		}

		$auth_cookie = json_encode( $auth_cookie );

		if ( false === $auth_cookie ) {
			return;
		}

		/**
		 * Fires immediately before the User Switching authentication cookie is set.
		 *
		 * @since 1.4.0
		 *
		 * @param string $auth_cookie JSON-encoded array of authentication cookie values.
		 * @param int    $expiration  The time when the authentication cookie expires as a UNIX timestamp.
		 * @param int    $old_user_id User ID.
		 * @param string $scheme      Authentication scheme. Values include 'auth' or 'secure_auth'.
		 * @param string $token       User's session token to use for the latest cookie.
		 */
		do_action( 'set_user_switching_cookie', $auth_cookie, $expiration, $old_user_id, $scheme, $token );

		$scheme = 'logged_in';

		/**
		 * Fires immediately before the User Switching old user cookie is set.
		 *
		 * @since 1.4.0
		 *
		 * @param string $olduser_cookie The old user cookie value.
		 * @param int    $expiration     The time when the logged-in authentication cookie expires as a UNIX timestamp.
		 * @param int    $old_user_id    User ID.
		 * @param string $scheme         Authentication scheme. Values include 'auth' or 'secure_auth'.
		 * @param string $token          User's session token to use for this cookie.
		 */
		do_action( 'set_olduser_cookie', $olduser_cookie, $expiration, $old_user_id, $scheme, $token );

		/**
		 * Allows preventing auth cookies from actually being sent to the client.
		 *
		 * @since 1.5.4
		 *
		 * @param bool $send Whether to send auth cookies to the client.
		 */
		if ( ! apply_filters( 'user_switching_send_auth_cookies', true ) ) {
			return;
		}

		setcookie( $auth_cookie_name, $auth_cookie, $expiration, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_auth_cookie, true );
		setcookie( USER_SWITCHING_OLDUSER_COOKIE, $olduser_cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure_olduser_cookie, true );
	}

