Question:
I was asked if I could modify a WordPress website so that logged in users would stay logged in for 1 day.
This regardless of whether they close the browser or restart their device. For security, they do have to log in again after a day.
To do this, I added the PHP code below to functions.php:
function custom_login_session($expiration) { $expiration = 86400 // in seconds; return $expiration; } add_filter('auth_cookie_expiration', 'custom_login_session', 99, 1);
Explanation:
WordPress uses a cookie to determine how long you can stay logged in. If you delete cookies, through a program or when you close the browser, the function “stay logged in” will not work. You will have to log in again the next time.
The above PHP code extends the duration of a session to a maximum of 1 day. A session is the time you automatically stay logged into the website.
It doesn’t work:
The only problem is that the PHP code above doesn’t work. This results in you are being immediately logged out when you, for example, stop your session by closing the browser.
Answer:
The answer is very simple.
WordPress only executes “auth_cookie_expiration()” if you check “Remember me” on the login form.
If you check the box you will stay logged in for 1 day in combination with the above PHP function. You can check this by checking the cookies in the browser’s developer toolbar. To do so, check the age of the cookie called “wordpress_logged_in_*”.
On the Internet you can find JS scripts that check the box by default. Unfortunately, there is no PHP option for it that turns on the Remember Me feature on by default.