dwindown/WooNooW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Clear auth cookies before setting new ones + trigger wp_login action

Browse Source
This commit is contained in:
dwindown
2025-11-05 10:02:40 +07:00
parent ff29f95264
commit 7c24602965
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
includes/Api/AuthController.php
View File

@@ -49,10 +49,14 @@ class AuthController {
], 403 ); ], 403 );
} }
// CRITICAL: Set auth cookie AND current user (as per WordPress best practices) // CRITICAL: Clear old cookies first, then set new ones
// This ensures session is properly established for both standalone and wp-admin // This ensures no stale session data interferes with the new login
wp_set_auth_cookie( $user->ID, true, is_ssl() ); wp_clear_auth_cookie();
wp_set_current_user( $user->ID ); wp_set_current_user( $user->ID );
wp_set_auth_cookie( $user->ID, true );
// Trigger login action (same as wp-login.php)
do_action( 'wp_login', $user->user_login, $user );
// Debug logging // Debug logging
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {