Before core version 4.0 the authentication depended only on cookies.
Starting with 4.0 core introduced its own sessions (WP_Session_Tokens) to better handle security things. Note that these are not PHP sessions, they are implemented purely by WordPress and use user meta as storage.
Unfortunately I don’t think there is any clear documentation for this feature. From quick search it was discussed and implemented in ticket #20276 Tie nonces and cookies to expirable sessions.
Related Posts:
- How can I redirect user after entering wrong password?
- How to show ‘login error’ and ‘lost password’ on my template page?
- How to prefill the username/password fields on the login page
- How do I change the language of only the login page?
- Is it possible to sign in with user_email in WordPress?
- How to use current_user_can()?
- How can i increase the login expiration length?
- Brute force attack?
- custom login page redirect to logged in user profile page
- Front-end login: Redirect user to the post they had created
- What is the purpose of logging out after WordPress upgrade?
- How to customise wp-login.php only for users who are setting a password for the first time?
- How can I test the login for an expired session?
- How to translate “wrong password” message
- I am not able to login to my wp-admin panel
- Block Logged-Out User Access to Directory Outside of WordPress using .htaccess and PHP file
- how to logout user on browser tab or window closes
- Integrate WordPress Blog with Moodle LMS
- Making a client page
- Is it possible a one click user registration with Facebook or Twitter (or other Social Networks)?
- Auto login user with link from Mail
- To be able to login as different user
- How do I Create Forums with bbpress Plugin that can only be Viewed by Logged in Users
- Add class to input form in login form
- Can’t Login to WordPress, No Data Received Error
- Restricting frontend acess based on user role otherwise redirect to login form
- Unable to access website admin page – 500 error – how to change landing page
- how to restrict user login whenever if a user puts on hold by editing wp-login action?
- “lambda_xx” on all wordpress login pages
- WordPress/Buddypress login theme function [closed]
- How to redirect to specific BLOG Dashboard (after login to Multi-Site)
- How to use a custom login template and still have it linked to the wp-login.php instead of creating a new page?
- Login again after profile update
- Redirect wp-login
- Show reCaptcha on Custom Frontend Login & Register Form [closed]
- Auto Login After Registration
- Problems with is_user_logged_in() | Function in WP
- Changed Wordress Address URL Accidently
- Generate email on meta value update
- Is the login encrypted before it is sent? If so how to do I encrypt it the same way?
- What speaks against using a custom login.php / register.php to wordpress?
- Login fail with no error
- WordPress login doesn’t work when using preview domain
- Prevent Subscriber Role to login
- Allow Access to Home Page and Login Screen but Nothing Else (unless logged in)
- How to check if user is logged into wordpress on non-wordpress pages
- How to authenticate a user with an external webservice
- Login user using wp_signon and WP_User object
- Login failed after cloning live wordpress site to local wampserver
- Reloading page with a query string upon login for admins
- Log in with email but no password
- Remove a message in login page
- Login form not saving values when login incorrect
- force login loophole
- Moving from one host to another – cannot access the dashboard
- Looking up WordPress account information from Host or php files
- I need to find which is the file that checks the DB for correct login (username, password)
- Multiple issues with Ajax login function due to browsers and cookies
- Abnormal activity at url /my-account/add-payment-method/
- Login Based on ip
- Blacklist and Whitelist on login
- URL Restrictions? Need only people who are logged in AND have a specific role (or roles) to access all pages for a site
- How to add custom authentication to wordpress login and register
- Custom failed login error messages for users based on user role?
- WordPress new version Version 5.3.2, user login not working after upgrade
- How the wordpress login and signup in react native app
- Recognize custom login page as wp-login.php
- Link Users to external login db
- WordPress password reset not working
- Change WordPress Login URL to External URL
- User does not exist
- WordPress login is now working, it just refresh the page and nothing happens.
- New user password confirmation sending wrong URL
- is_logged_in not working after login
- wp_signon() does not authenticate user guidance needed
- How to login to wordpress via Cpanel
- Redirect to previous page after login
- Why deleting/removing cookies in WordPress does not log me out from admin?
- How to use google api for wordpress login
- How to password protect pages in WordPress
- display last login date in the frontend
- User account activation links are lacking query strings
- Creating login for client / customer that will take them to customized part of site
- wp-login.php just refreshes the form fields
- Login just resets/reset password link also does not work
- WP login pages redirect to homepage (cannot login)
- How to place wp-login.php in page or page template?
- Is there any reason why there’s no “login_header” action at the login page?
- How to get rid of the username of registration form in theme my login wp plugin?
- Register and Connect links: where are they located?
- Adding A Login Fail Notice
- Give user some feedback when they land on custom login page
- How to force login after user browses for a few minutes or browses a few pages?
- Trouble logging in and/or changing password
- redirect not logged in users to specific page and redirect them back where they come from
- How to find out what’s causing (broken) ajax login
- How to put Login, Register and newsletter widget on the same page?
- Creating Custom Login Form Where Password Field is Dropdown Menu
- Unable to login my subdirectory WordPress site
- Cannot login into an old wp site. Fatal Error: Cannot create references to/from string offsets