0

I've noticed that, for example, WordPress appends what seems to be some kind of hash or random string to its wordpress_logged_in cookie, making a cookie name of, for example, wordpress_logged_in_abcdef1234, which makes accessing it from within a script less than straightforward.

Could someone please explain why this is done?

asked Mar 16, 2016 at 0:52

1 Answer

1

Cookie Hash

Derivation

The appended string is a hash of the site URL; refer to Understanding Wordpress Auth Cookies.

1) Cookie ID

What I’m calling the auth "cookie ID" is defined in the file default-constants.php:

if ( !defined('AUTH_COOKIE') ) define('AUTH_COOKIE', 'wordpress_'.COOKIEHASH);

It’s simply a concatenation of "wordpress_" and a value called COOKIEHASH which is also defined in the same file:

if ( !defined( 'COOKIEHASH' ) ) {
    $siteurl = get_site_option( 'siteurl' );
    if ( $siteurl )
        define( 'COOKIEHASH', md5( $siteurl ) );
    else
        define( 'COOKIEHASH', '' );
}

As you can see, COOKIEHASH is nothing more than an MD5 of your site’s URL.

Purpose

As to why this is done, it probably relates to allowing multiple WordPress sites to share a domain name (with the sites in different sub-directories). Without a unique identifier, the sites would keep overriding each other's cookies.

answered Mar 16, 2016 at 1:39
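
The derivation and the shared-domain rationale in the answer above, as an added Python example (not part of the original answer and not WordPress code). It assumes the `wordpress_logged_in_` cookie from the question carries the same COOKIEHASH suffix; the site URLs, cookie values and function names are constructed for illustration.

```python
import hashlib

def cookie_hash(siteurl):
    """COOKIEHASH as in the snippet above: md5 of siteurl, or '' if unset."""
    return hashlib.md5(siteurl.encode("utf-8")).hexdigest() if siteurl else ""

def cookie_names(siteurl):
    h = cookie_hash(siteurl)
    # "wordpress_" is from the answer; "wordpress_logged_in_" is from the
    # question and is assumed here to use the same suffix.
    return {"auth": "wordpress_" + h, "logged_in": "wordpress_logged_in_" + h}

def parse_cookie_header(header):
    """Split a raw Cookie request header into a {name: value} dict."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs[name] = value
    return pairs

def find_logged_in(header, siteurl=None):
    """Return the logged-in cookie(s) found in a Cookie header.

    With siteurl, the exact name is derived and only that site's cookie is
    returned. Without it (or when COOKIEHASH was pre-defined to something
    else), fall back to a prefix match, which may return several sites.
    """
    cookies = parse_cookie_header(header)
    if siteurl is not None:
        name = cookie_names(siteurl)["logged_in"]
        return {name: cookies[name]} if name in cookies else {}
    return {n: v for n, v in cookies.items()
            if n.startswith("wordpress_logged_in_")}

# Constructed sample: two sites in sub-directories of one domain.
SITE_A = "https://example.com/blog"
SITE_B = "https://example.com/shop"
SAMPLE_HEADER = "; ".join([
    cookie_names(SITE_A)["logged_in"] + "=value-for-blog",
    cookie_names(SITE_B)["logged_in"] + "=value-for-shop",
    "unrelated=1",
])

if __name__ == "__main__":
    print(cookie_names(SITE_A))
    print(find_logged_in(SAMPLE_HEADER, SITE_A))  # only the blog's cookie
    print(find_logged_in(SAMPLE_HEADER))          # prefix match: both sites
```

The hash is taken over the exact siteurl string, so a different scheme or a trailing slash produces a different cookie name; the prefix match is the fallback when the exact value is not known.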
