I need to be able to validate the session integrity from an external app. I can’t find where the session is stored in WordPress.
I built a RESTful app that will receive the session token as a header, and I would like to be able to load the user associated with that session. Is that possible? I’m sure it is, I just can’t find it anywhere. I tried to look up the code but I get lost quickly. Can anyone at least point me to which table I should check?
How WordPress stores cookies (client-side, as @birgire stated):
https://codex.wordpress.org/WordPress_Cookies
I doubt this will ever work from a separate subdomain, as the cookie domain is usually fully qualified to the WordPress siteurl (someone feel free to correct me).
If you were doing it with another app on the same domain, you’d need to make use of the wp_validate_auth_cookie() function (in wp-includes/pluggable.php) – that looks at $_COOKIES, generates a hash from the user’s database record and checks if it matches the cookie. If it does, you get their user ID back.
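The same-host approach described in the answer above, as an added example that is not part of the original post. It assumes the script runs on the same server as WordPress; the wp-load.php path and the X-WP-Auth-Cookie header name are placeholders chosen for illustration.

```php
<?php
// Added example (not from the original answer).
// Assumptions: runs on the same host as WordPress; the path and the
// header name below are placeholders.
define('WP_USE_THEMES', false);
require '/path/to/wordpress/wp-load.php'; // placeholder path

// Send a JSON error and stop. The same message is used for every
// authentication failure so the response does not reveal why it failed.
function deny(int $status, string $message): void {
    status_header($status);
    header('Content-Type: application/json');
    echo wp_json_encode(['error' => $message]);
    exit;
}

// The cookie value is a bearer credential: accept it over TLS only.
if (!is_ssl()) {
    deny(400, 'HTTPS required');
}

// Hypothetical header carrying the value of the user's logged-in cookie.
// Browsers store the value URL-encoded, so decode it before validating.
$cookie = rawurldecode($_SERVER['HTTP_X_WP_AUTH_COOKIE'] ?? '');
if ($cookie === '' || strlen($cookie) > 512) {
    deny(401, 'invalid session');
}

// Passing the value explicitly makes WordPress validate it instead of
// reading the request's own cookies. Returns the user ID, or false.
$user_id = wp_validate_auth_cookie($cookie, 'logged_in');
if (!$user_id) {
    deny(401, 'invalid session');
}

$user = get_userdata($user_id);
if (!$user) {
    deny(401, 'invalid session');
}

// Return only the fields the external app needs; never echo the cookie back.
header('Content-Type: application/json');
echo wp_json_encode([
    'id'    => $user->ID,
    'login' => $user->user_login,
    'roles' => $user->roles,
]);
```

Keep the header value out of access and application logs, since anyone who obtains it can act as that user until the session expires.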