Changeset 61188

Timestamp:

11/10/2025 02:11:24 AM (4 months ago)

Author:

peterwilsoncc

Message:

Docs: Clarify behavior in wp_set_auth_cookie().

Clarifies how long authentication cookies are set for when setting the $remember parameter.

Props johnbillion, khoipro, rollybueno, shailu25, siliconforks, wildworks, zodiac1978.
Fixes #63230.

File:

• trunk/src/wp-includes/pluggable.php (modified) (1 diff)

trunk/src/wp-includes/pluggable.php

@@ -1048 +1048 @@
 if ( ! function_exists( 'wp_set_auth_cookie' ) ) :
     /**
-     * Sets the authentication cookies based on user ID.
-     *
-     * The $remember parameter increases the time that the cookie will be kept. The
-     * default the cookie is kept without remembering is two days. When $remember is
-     * set, the cookies will be kept for 14 days or two weeks.
+     * Sets the authentication cookies for a given user ID.
+     *
+     * The `$remember` parameter controls cookie persistence:
+     * - If true, the cookie is persistent (default 14 days, filterable via {@see 'auth_cookie_expiration'}).
+     * - If false, the cookie is a browser session cookie (expires when the browser closes).
+     *   Internally, {@see 'auth_cookie_expiration'} is still applied, to expire the login after
+     *   two days or when the browser is closed, whichever occurs first.
      *
      * @since 2.5.0