wp_parse_auth_cookie

The timeline below displays how wordpress function wp_parse_auth_cookie has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.1

/**
 * Parses a cookie into its components.
 *
 * @since 2.7.0
 * @since 4.0.0 The `$token` element was added to the return value.
 *
 * @param string $cookie Authentication cookie.
 * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
 * @return string[]|false {
 *     Authentication cookie components. None of the components should be assumed
 *     to be valid as they come directly from a client-provided cookie value. If
 *     the cookie value is malformed, false is returned.
 *
 *     @type string $username   User's username.
 *     @type string $expiration The time the cookie expires as a UNIX timestamp.
 *     @type string $token      User's session token used.
 *     @type string $hmac       The security hash for the cookie.
 *     @type string $scheme     The cookie scheme to use.
 * }
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case 'logged_in':
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) !== 4) {
        return false;
    }
    list($username, $expiration, $token, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}

WordPress Version: 5.4

/**
 * Parses a cookie into its components.
 *
 * @since 2.7.0
 *
 * @param string $cookie Authentication cookie.
 * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
 * @return string[]|false Authentication cookie components.
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case 'logged_in':
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) !== 4) {
        return false;
    }
    list($username, $expiration, $token, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}

WordPress Version: 5.3

/**
 * Parses a cookie into its components.
 *
 * @since 2.7.0
 *
 * @param string $cookie Authentication cookie.
 * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
 * @return array|false Authentication cookie components.
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case 'logged_in':
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) !== 4) {
        return false;
    }
    list($username, $expiration, $token, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}

WordPress Version: 5.1

/**
 * Parse a cookie into its components
 *
 * @since 2.7.0
 *
 * @param string $cookie
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array|false Authentication cookie components
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case 'logged_in':
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) !== 4) {
        return false;
    }
    list($username, $expiration, $token, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}

WordPress Version: 4.3

/**
 * Parse a cookie into its components
 *
 * @since 2.7.0
 *
 * @param string $cookie
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array|false Authentication cookie components
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case "logged_in":
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) !== 4) {
        return false;
    }
    list($username, $expiration, $token, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}

WordPress Version: 4.0

/**
 * Parse a cookie into its components
 *
 * @since 2.7.0
 *
 * @param string $cookie
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array Authentication cookie components
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case "logged_in":
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) !== 4) {
        return false;
    }
    list($username, $expiration, $token, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'token', 'hmac', 'scheme');
}

WordPress Version: 3.9

/**
 * Parse a cookie into its components
 *
 * @since 2.7.0
 *
 * @param string $cookie
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array Authentication cookie components
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case "logged_in":
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) != 3) {
        return false;
    }
    list($username, $expiration, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'hmac', 'scheme');
}

WordPress Version: 3.7

/**
 * Parse a cookie into its components
 *
 * @since 2.7
 *
 * @param string $cookie
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array Authentication cookie components
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '')
{
    if (empty($cookie)) {
        switch ($scheme) {
            case 'auth':
                $cookie_name = AUTH_COOKIE;
                break;
            case 'secure_auth':
                $cookie_name = SECURE_AUTH_COOKIE;
                break;
            case "logged_in":
                $cookie_name = LOGGED_IN_COOKIE;
                break;
            default:
                if (is_ssl()) {
                    $cookie_name = SECURE_AUTH_COOKIE;
                    $scheme = 'secure_auth';
                } else {
                    $cookie_name = AUTH_COOKIE;
                    $scheme = 'auth';
                }
        }
        if (empty($_COOKIE[$cookie_name])) {
            return false;
        }
        $cookie = $_COOKIE[$cookie_name];
    }
    $cookie_elements = explode('|', $cookie);
    if (count($cookie_elements) != 3) {
        return false;
    }
    list($username, $expiration, $hmac) = $cookie_elements;
    return compact('username', 'expiration', 'hmac', 'scheme');
}