wp_validate_logged_in_cookie

wp_validate_logged_in_cookie() comment from source:

/**
 * Validates the logged-in cookie.
 *
 * Checks the logged-in cookie if the previous auth cookie could not be
 * validated and parsed.
 *
 * This is a callback for the {@see 'determine_current_user'} filter, rather than API.
 *
 * @since 3.9.0
 *
 * @param int|bool $user_id The user ID (or false) as received from the
 *                       determine_current_user filter.
 * @return int|false User ID if validated, false otherwise. If a user ID from
 *                   an earlier filter callback is received, that value is returned.
 */

It is a default callback for the determine_current_user filter hook, which is applied by the private function _wp_get_current_user() and by some plugins.

Its default usage as defined in wp-includes/default-filters.php line 371:

add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );

_wp_get_current_user()'s use of the filter, from line 2523 of wp-includes/user.php:

    /**
     * Filters the current user.
     *
     * The default filters use this to determine the current user from the
     * request's cookies, if available.
     *
     * Returning a value of false will effectively short-circuit setting
     * the current user.
     *
     * @since 3.9.0
     *
     * @param int|bool $user_id User ID if one has been determined, false otherwise.
     */
    $user_id = apply_filters( 'determine_current_user', false );

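In this usage the filter chain starts from the value false. When wp_validate_logged_in_cookie() receives false, meaning no earlier callback has determined a user, it is forced to run wp_validate_auth_cookie(), provided there is a logged-in cookie and the request is on the front end.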

wp_validate_auth_cookie() returns a user id if the cookie is valid.

The full source of _wp_get_current_user() follows, showing the apply_filters() line quoted above in context. Note that if no user ID is returned to it, the user ID is set to an invalid 0 and the function returns immediately, denoting that no user is logged in.

function _wp_get_current_user() {
    global $current_user;

    if ( ! empty( $current_user ) ) {
        if ( $current_user instanceof WP_User ) {
            return $current_user;
        }

        // Upgrade stdClass to WP_User
        if ( is_object( $current_user ) && isset( $current_user->ID ) ) {
            $cur_id = $current_user->ID;
            $current_user = null;
            wp_set_current_user( $cur_id );
            return $current_user;
        }

        // $current_user has a junk value. Force to WP_User with ID 0.
        $current_user = null;
        wp_set_current_user( 0 );
        return $current_user;
    }

    if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) {
        wp_set_current_user( 0 );
        return $current_user;
    }

    /**
     * Filters the current user.
     *
     * The default filters use this to determine the current user from the
     * request's cookies, if available.
     *
     * Returning a value of false will effectively short-circuit setting
     * the current user.
     *
     * @since 3.9.0
     *
     * @param int|bool $user_id User ID if one has been determined, false otherwise.
     */
    $user_id = apply_filters( 'determine_current_user', false );
    if ( ! $user_id ) {
        wp_set_current_user( 0 );
        return $current_user;
    }

    wp_set_current_user( $user_id );

    return $current_user;
}
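
The chain described above, as an added stand-alone model (not WordPress code and not part of the original page). The model_* functions, the $request array and the cookie table are hypothetical stand-ins, with cookie validation reduced to a lookup so that only the priority order, the pass-through rule and the user-0 fallback are shown.

```php
<?php
// Added illustration, not WordPress code: a stand-alone model of the
// 'determine_current_user' chain. All model_* names and the $request array
// are hypothetical; cookie validation is reduced to a lookup table.
const MODEL_COOKIES = array( 'auth-ok' => 7, 'logged-in-ok' => 7 ); // constructed

// Priority 10 stand-in: first in this chain, so it only looks at the auth cookie.
function model_auth_cookie( $user_id, array $request ) {
    return MODEL_COOKIES[ $request['auth'] ?? '' ] ?? false;
}

// Priority 20 stand-in, following the behaviour described on this page.
function model_logged_in_cookie( $user_id, array $request ) {
    if ( $user_id ) {
        return $user_id; // an earlier callback already determined the user
    }
    if ( ! empty( $request['admin'] ) || empty( $request['logged_in'] ) ) {
        return false; // not on the front end, or no cookie to validate
    }
    return MODEL_COOKIES[ $request['logged_in'] ] ?? false;
}

// Runs the callbacks in priority order, then applies the user-0 fallback.
function model_current_user_id( array $request, array $extra = array() ) {
    $chain = array( 10 => 'model_auth_cookie', 20 => 'model_logged_in_cookie' ) + $extra;
    ksort( $chain );
    $user_id = false;
    foreach ( $chain as $callback ) {
        $user_id = $callback( $user_id, $request );
    }
    return $user_id ? (int) $user_id : 0;
}

// Hypothetical plugin callbacks registered at priority 30.
$passes_through = function ( $user_id, array $request ) {
    return $user_id; // no opinion: hand the earlier result on unchanged
};
$discards = function ( $user_id, array $request ) {
    return false; // ignores its input, so the validated ID is lost
};

$front = array( 'logged_in' => 'logged-in-ok' );
$admin = array( 'logged_in' => 'logged-in-ok', 'admin' => true );
printf( "front end, logged-in cookie only: %d\n", model_current_user_id( $front ) );
printf( "admin, logged-in cookie only:     %d\n", model_current_user_id( $admin ) );
printf( "admin, valid auth cookie:         %d\n", model_current_user_id( $admin + array( 'auth' => 'auth-ok' ) ) );
printf( "pass-through callback at 30:      %d\n", model_current_user_id( $front, array( 30 => $passes_through ) ) );
printf( "discarding callback at 30:        %d\n", model_current_user_id( $front, array( 30 => $discards ) ) );
```

The last two lines show why a callback on this filter should return the value it received when it has nothing to add: whichever callback runs last has the final say over the current user.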