I’m trying to build a simple way to give access to users that I want under my account. As I see, WordPress stores two sessions ID: wordpress_logged_in_% and wordpress_. I was wondering, is there no way to force wp_signon or a core function to bypass the need for an user / password and use a cookie instead?
1 Answer
Don’t need no cookies. WordPress automatically bypasses it for you if you pass an user (the one you need to login) object, fire this function on init (I think):
$user_to_login = get_user_by( 'id', 1 );
// Check if user exists
if( $user_to_login ) {
wp_set_auth_cookie( $user_to_login->ID, False );
/**
* Fire up the login process.
*/
do_action('wp_login', $user_to_login->name, $user_to_login );
}
This is extremely rudimentary. No checks at all, nada. You must employ heavy checks as to how people use this functionality.
You’ll have to solve issues such as: caching issues (usually by setting the right header, redirection, validity, etc.) but this works.