Title: Modifying generate_auth_cookie() ?
Last modified: November 4, 2019

---

# Modifying generate_auth_cookie() ?

 *  Resolved [porosi](https://wordpress.org/support/users/porosi/)
 * (@porosi)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/modifying-generate_auth_cookie/)
 * Hi Ali,
 * Love the plugin. I just had a question regarding modifying generate_auth_cookie().
 * I noticed that generate_auth_cookie() returns only a single cookie (wordpress_logged_in[
   hash]) and that single cookie does enable a login into the site, but we also 
   needed the other two cookies that a standard wordpress login produces (wordpress_[
   hash] – domain: /wp-admin and wordpress_[hash] – domain: /wp-content/plugins)
   so that the user can use those cookies to navigate to the admin page.
 * Without the wordpress_[hash] – domain: /wp-admin cookie, the user gets logged
   out when attempting to visit the admin pages.
 * So we added:
    “$cookie_auth = wp_generate_auth_cookie($user->ID, $expiration,‘
   secure_auth’);” to the generate_auth_cookie(), and with the ‘$cookie_auth’ variable
   we can obtain the value needed for the wordpress_[hash] – domain: /wp-admin cookie
   and keep the admin logged in.
 * So, my question is, do you think making this modification will expose our code
   to some additional security vulnerabilities? Would placing this extra cookie 
   on the user’s browser would lead to some additional security risk?
 * I thank you in advance for your response.
    -  This topic was modified 6 years, 6 months ago by [porosi](https://wordpress.org/support/users/porosi/).
    -  This topic was modified 6 years, 6 months ago by [porosi](https://wordpress.org/support/users/porosi/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [richardhaynes](https://wordpress.org/support/users/richardhaynes/)
 * (@richardhaynes)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/modifying-generate_auth_cookie/#post-12109456)
 * I need this too, thanks for posting Peter, it would be good to see this in the
   plugin itself so things don’t break if we update the plugin.
 *  Plugin Author [Ali Qureshi](https://wordpress.org/support/users/parorrey/)
 * (@parorrey)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/modifying-generate_auth_cookie/#post-12231122)
 * It won’t create any issue, I will make it part of the plugin code in next update,
 * thanks for asking and posting it.
 * And sorry for replying late, WordPress forum notification are not working recently.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Modifying generate_auth_cookie() ?’ is closed to new replies.

 * ![](https://ps.w.org/json-api-user/assets/icon-256x256.png?rev=1965790)
 * [JSON API User](https://wordpress.org/plugins/json-api-user/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/json-api-user/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/json-api-user/)
 * [Active Topics](https://wordpress.org/support/plugin/json-api-user/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/json-api-user/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/json-api-user/reviews/)

 * 2 replies
 * 1 participant
 * Last reply from: [Ali Qureshi](https://wordpress.org/support/users/parorrey/)
 * Last activity: [6 years, 5 months ago](https://wordpress.org/support/topic/modifying-generate_auth_cookie/#post-12231122)
 * Status: resolved