As the title states, I’m wondering how long users stay logged in if they don’t check the “Remember Me” option. I’ve heard that if they DO check it, it keeps them logged in for 14 days.
But what if they don’t? I’ve tried closing my browser and opening it back up, but the user stays logged in…so it doesn’t seem like it’s soley a session thing.
1 Answer
Take a look at the source:
832 if ( $remember ) {
833 /**
834 * Filter the duration of the authentication cookie expiration period.
835 *
836 * @since 2.8.0
837 *
838 * @param int $length Duration of the expiration period in seconds.
839 * @param int $user_id User ID.
840 * @param bool $remember Whether to remember the user login. Default false.
841 */
842 $expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );
843
844 /*
845 * Ensure the browser will continue to send the cookie after the expiration time is reached.
846 * Needed for the login grace period in wp_validate_auth_cookie().
847 */
848 $expire = $expiration + ( 12 * HOUR_IN_SECONDS );
849 } else {
850 /** This filter is documented in wp-includes/pluggable.php */
851 $expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
852 $expire = 0;
853 }
Ir “remember” is checked you have 14 * DAY_IN_SECONDS, line 842. If not, you have 2 * DAY_IN_SECONDS, line 851.
Note that that function is pluggable and the auth_cookie_expiration filter can be used to alter both values.