you can define minutes for generating cookie. just provide the ‘seconds’ var value.
Optional ‘seconds’ var. It provided, generated cookie will be valid for that many seconds, otherwise default is for 14 days.
example:
generate cookie for 1 minute: http://localhost/api/user/generate_auth_cookie/?username=john&password=PASSWORD-HERE&seconds=60
good tip thanks. is there a way to invalidate on demand though, instead of timed event like you just descried? I need to be able to invalidate when user hits logout to reset the application’s internal state. Seems like an obvious thing to me. What happen when a user logs out of wp? doesn’t invalidate the the cookie? is there the equivalent of logout call?
unfortunately no, when the cookie is issued, it is for a time.. the normal issued cookies are not stored in db, rather written in the cookies of browser.. so in our api case, once cookie is issued for a certain time, it remains valid.
I think you can forget/destroy cookie value on logging off in your app for user so that next time user hits api for any endpoint, its cookie value is absent. so user wont be able to connect until he gets fresh cookie..
great thanks and keep up the good work.
actually one last question, what about when you get the cookie as a result of registration, how do you control the time-to-live value?
good one.. this will be updated too.
currently, you cant limit the time limit for it. I will update that this weekend. It will be same, just provide seconds var and it will use that limit.
beautiful much appreciated
