*/
final public static function get_instance( $user_id ) {
/**
- * Filter the session token manager used.
+ * Filters the session token manager used.
*
* @since 4.0.0
*
*
* This function generates a token and stores it with the associated
* expiration time (and potentially other session information via the
- * `attach_session_information` filter).
+ * {@see 'attach_session_information'} filter).
*
* @since 4.0.0
* @access public
*/
final public function create( $expiration ) {
/**
- * Filter the information attached to the newly created session.
+ * Filters the information attached to the newly created session.
*
* Could be used in the future to attach information such as
* IP address or user agent to a session.
$session = apply_filters( 'attach_session_information', array(), $this->user_id );
$session['expiration'] = $expiration;
+ // IP address.
+ if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+ $session['ip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ // User-agent.
+ if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+ $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+ }
+
+ // Timestamp
+ $session['login'] = time();
+
$token = wp_generate_password( 43, false, false );
$this->update( $token, $session );
* @access protected
*
* @param string $verifier Verifier of the session to update.
+ * @param array $session Optional. Session. Omitting this argument destroys the session.
*/
abstract protected function update_session( $verifier, $session = null );
* @param array $sessions Sessions.
*/
protected function update_sessions( $sessions ) {
- if ( ! has_filter( 'attach_session_information' ) ) {
- $sessions = wp_list_pluck( $sessions, 'expiration' );
- }
-
if ( $sessions ) {
update_user_meta( $this->user_id, 'session_tokens', $sessions );
} else {
* @static
*/
public static function drop_sessions() {
- delete_metadata( 'user', false, 'session_tokens', false, true );
+ delete_metadata( 'user', 0, 'session_tokens', false, true );
}
}