Cookies, or even HTML5 local storage, seem like a good way to implement this. Here’s some basic code that could serve as a starting point. Post IDs are stored as CSV in the cookie. // Load current favourite posts from cookie $favposts = (isset($_COOKIE[‘favposts’])) ? explode(‘,’, (string) $_COOKIE[‘favposts’]) : array(); $favposts = array_map(‘absint’, $favposts); // … Read more
AFAIK URL encoding the cookie value is still kind of a defacto standard, it’s an ancient relict based on the old, ugly Netscape cookie specs, that basically says that semicolons, commas and whitespaces are disallowed, and should be encoded, for example using URL encoding. Neither does it does it require enocding, nor does it force … Read more
Try setting $experation to a negative integer: function myplugin_cookie_expiration( $expiration, $user_id, $remember ) { return $remember ? $expiration : -600; } add_filter( ‘auth_cookie_expiration’, ‘myplugin_cookie_expiration’, 99, 3 ); From the w3schools PHP page on cookies: <?php // set the expiration date to one hour ago setcookie(“user”, “”, time()-3600); ?>
What my ultimate goal is, other plugins be it infected(backdoor etc) or not cannot access the username/password/mail of my email, that is the main part of the question. The only way to be sure of this is to not store them in a manner than can be automatically decrypted in the database/filesystem – which is … Read more
Note! This code was not tested! <?php function my_visitor_cookie($post_id) { if ( empty($post_id) ) { global $post; $post_id = $post->ID; } // get post meta $count = get_post_meta($post_id, ‘unique_post_visits’, true); // if there was no meta value if( empty($count) ) { $count = 0; } // check if cookie was already set (cookie name for … Read more
This maybe just a personal distinction but I consider: data validation to mean is the data ‘correct’? Is it what we expect? data sanitisation to mean is the data *safe to use * Though there can be some blurring, typically data validation will only occur when a user-input is taken, or some data is obtained … Read more
What you found is actually perfectly accurate. With WP’s commitment to backwards compatibility it’s not that common for thing to stop working. This filter is used in wp_set_auth_cookie() to calculate the duration. Resulting value is used in PHP’s setcookie(). There is no mention of specifics limits in documentation, so in practice the value is limited … Read more
The function wp_logout (https://github.com/WordPress/WordPress/blob/master/wp-includes/pluggable.php#L564) calls the function wp_clear_auth_cookie (https://github.com/WordPress/WordPress/blob/master/wp-includes/pluggable.php#L928) which sets the expiration dates of all involved cookies to something in the past. Also for the LOGGED_IN_COOKIE. Hence, what you observe is strange. For sites that I maintain, the cookie will be cleared when I log out.
In W3TC you can specify files or cookies that are ignored and not cached. Exclude Files from Cache To do this go to WordPress Admin > Performance > Page Cache In the screenshot … you will see I’ve added custom sidebars from a Twenty-Eleven theme. These are excluded from being cached. You can also specify … Read more
Why are you building a seperate user system in the first place? The wordpress builtin system is pretty flexible. In theory all the login functions like wp_set_auth_cookie(), wp_generate_auth_cookie(), wp_parse_auth_cookie() etc. are all pluggable functions. Which means you can replace them with your own custom functions. But to be realistic, it will be a lot of … Read more