Can I use the same nonce for multiple requests on the same page?

Or does this break the purpose of the nonce, which I admit I don’t quite understand? 🙂

For example on two ajax requests that run on page load, or when something is clicked:

    $.ajax({
      type: 'post',
      url: 'admin-ajax.php',
      data: { action: 'foo',
              _ajax_nonce: '<?php echo $nonce; ?>' }
    });

    $.ajax({
      type: 'post',
      url: 'admin-ajax.php',
      data: { action: 'foo2',
              _ajax_nonce: '<?php echo $nonce; ?>' }
    });


The WordPress nonce creation function is to be called only on the init hook:

> Use the init or any subsequent action to call this function. Calling
> it outside of an action can lead to troubles. See #14024 for details.

Since the init hook “runs after WordPress has finished loading but before any headers are sent”, nonces are created on every full-page request (not ajax request).
So, technically, you can use the same nonce on multiple requests, but you should make them unique on each request, as other answers have pointed out.


To shed some more light about what nonces are:

Nonces are sent on each Ajax request as a security token, to ensure the request was intended by the user.
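
The behaviour discussed above, as a simplified model added here (not WordPress source code and not part of the original post): the token is a keyed hash of a time window, the action name and the user's session, so the same value verifies on repeated requests but only for the action it was created for. The secret, user ID, session token and function names are hypothetical.

```javascript
// Simplified model of a WordPress-style nonce. Constructed for illustration:
// the key, user and session values are made up, and SHA-256 is an assumption.
const nodeCrypto = require('crypto');

const SECRET = 'constructed-site-secret'; // stands in for the site's nonce salt
const TICK_SECONDS = 12 * 60 * 60;        // lifetime is split into two 12-hour ticks

function tick(nowSeconds) {
  return Math.ceil(nowSeconds / TICK_SECONDS);
}

// Keyed hash over tick, action, user and session token, shortened to 10 chars.
function macFor(t, action, userId, sessionToken) {
  return nodeCrypto.createHmac('sha256', SECRET)
    .update([t, action, userId, sessionToken].join('|'))
    .digest('hex')
    .slice(-12, -2);
}

// Nothing is stored server-side when a nonce is issued.
function createNonce(action, userId, sessionToken, nowSeconds) {
  return macFor(tick(nowSeconds), action, userId, sessionToken);
}

// Returns 1 (issued in the current tick), 2 (previous tick) or false.
// Verification only recomputes the hash, so a nonce is not consumed by use:
// it keeps passing on every request until it ages out of both ticks.
function verifyNonce(nonce, action, userId, sessionToken, nowSeconds) {
  const given = Buffer.from(String(nonce));
  const t = tick(nowSeconds);
  for (const [age, candidate] of [[1, t], [2, t - 1]]) {
    const expected = Buffer.from(macFor(candidate, action, userId, sessionToken));
    if (given.length === expected.length &&
        nodeCrypto.timingSafeEqual(given, expected)) {
      return age;
    }
  }
  return false;
}
```

In WordPress itself the per-action values would come from `wp_create_nonce('foo')` and `wp_create_nonce('foo2')`, with each Ajax handler checking its own action through `check_ajax_referer()`.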
