wp_logout() changes in WordPress 5.1.1

We’ve recently just upgraded our WordPress site to 5.1.1

After the upgrade, we’ve started encountering issues when executing the wp_logout() function of WordPress. Somehow we’re getting a 302 response but there is no error/warning being shown.

I’ve narrowed it inside the wp_logout() and determined that both wp_destroy_current_session(); and wp_clear_auth_cookie(); are working fine!

This means that the error happens when the last line in wp_logout() is called:

do_action( 'wp_logout' );

My question is:

Is it possible to for external plugins to somehow corrupt the wp_logout action with functions that can break the flow and give a 302 or is there anything in 5.1.1 that affected wp_logout somehow?

1 Answer
1

A lot has changed in 5.1/5.1.1, but the changes I’m seeing in WordPress core wouldn’t cause 302 redirects on their own.

1. wp_logout is pluggable

wp_logout is a pluggable function. That means anyone can override this function and cause it to do something different because the function is wrapped in a condition checking for other functions with the same name. Here’s the contents of wp_logout:

if ( ! function_exists( 'wp_logout' ) ) :
    wp_destroy_current_session();
    wp_clear_auth_cookie();

    /**
     * Fires after a user is logged-out.
     *
     * @since 1.5.0
     */
    do_action( 'wp_logout' );
endif;

2. wp_logout calls a do_action hook

The last part of the function is calling a do_action which anyone can use to add to the function, including redirects.

3. wp_logout calls other functions

wp_logout calls wp_destroy_current_session and wp_clear_auth_cookie. Either of these could complicate things as well. wp_destroy_current_session is able to be modified to use other systems like Redis storage or other methods via the session_token_manager filter. wp_clear_auth_cookie is a pluggable function and also has a do_action hook.

So, to answer your question…

WordPress 5.1.1 didn’t change anything that would cause a call to wp_logout() to throw a 302 redirect, but there are plenty of opportunities for other plugins or themes to cause this to occur.

Leave a Comment