Your problem is that you call wp_logout_url
immediately after wp_set_auth_cookie
.
wp_set_auth_cookie()
does some setcookie()
calls. Unfortunately setcookie
doesn’t make the new value available instantly in the PHP global $_COOKIE
. It must be set through a new HTTP Request first.
wp_logout_url()
(via wp_nonce_url
> wp_create_nonce
> wp_get_session_token
> wp_parse_auth_cookie
) fetches $_COOKIE[LOGGED_IN_COOKIE]
in order to create a valid nonce, not knowing that the logged in cookie has already been updated. (I’m not quite sure if we may call this a WP core bug.)
There is an action hook in wp_set_auth_cookie
named set_logged_in_cookie
, which should allow you to update the session cookie value during your ajax request.
function my_update_cookie( $logged_in_cookie ){
$_COOKIE[LOGGED_IN_COOKIE] = $logged_in_cookie;
}
add_action( 'set_logged_in_cookie', 'my_update_cookie' );