logout - wp_logout() changes in WordPress 5.1.1

admin管理员组

文章数量:1025512

We've recently just upgraded our WordPress site to 5.1.1

After the upgrade, we've started encountering issues when executing the wp_logout() function of WordPress. Somehow we're getting a 302 response but there is no error/warning being shown.

I've narrowed it inside the wp_logout() and determined that both wp_destroy_current_session(); and wp_clear_auth_cookie(); are working fine!

This means that the error happens when the last line in wp_logout() is called:

do_action( 'wp_logout' );

My question is:

Is it possible to for external plugins to somehow corrupt the wp_logout action with functions that can break the flow and give a 302 or is there anything in 5.1.1 that affected wp_logout somehow?

We've recently just upgraded our WordPress site to 5.1.1

After the upgrade, we've started encountering issues when executing the wp_logout() function of WordPress. Somehow we're getting a 302 response but there is no error/warning being shown.

I've narrowed it inside the wp_logout() and determined that both wp_destroy_current_session(); and wp_clear_auth_cookie(); are working fine!

This means that the error happens when the last line in wp_logout() is called:

do_action( 'wp_logout' );

My question is:

Is it possible to for external plugins to somehow corrupt the wp_logout action with functions that can break the flow and give a 302 or is there anything in 5.1.1 that affected wp_logout somehow?

• logout

Share Improve this question edited Apr 2, 2019 at 14:36 Fayaz 9,01722 gold badges3333 silver badges5151 bronze badges asked Apr 2, 2019 at 14:26 jkvgojkvgo 2911 bronze badge 3

• Welcome to WordPress StackExchange! I'd try to narrow this down in a copy of the affected site. Switch of plugins one by one and retest. – norman.lol Commented Apr 2, 2019 at 14:36
• 1 302 is used at times to redirect users – Tom J Nowell ♦ Commented Apr 2, 2019 at 14:52
• Well yes. add_action( 'wp_logout', function() { wp_redirect( home_url() ); die(); }); would do it. – Rup Commented Apr 2, 2019 at 15:22

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 2

A lot has changed in 5.1/5.1.1, but the changes I'm seeing in WordPress core wouldn't cause 302 redirects on their own.

1. wp_logout is pluggable

wp_logout is a pluggable function. That means anyone can override this function and cause it to do something different because the function is wrapped in a condition checking for other functions with the same name. Here's the contents of wp_logout:

if ( ! function_exists( 'wp_logout' ) ) :
    wp_destroy_current_session();
    wp_clear_auth_cookie();

    /**
     * Fires after a user is logged-out.
     *
     * @since 1.5.0
     */
    do_action( 'wp_logout' );
endif;

2. wp_logout calls a do_action hook

The last part of the function is calling a do_action which anyone can use to add to the function, including redirects.

3. wp_logout calls other functions

wp_logout calls wp_destroy_current_session and wp_clear_auth_cookie. Either of these could complicate things as well. wp_destroy_current_session is able to be modified to use other systems like Redis storage or other methods via the session_token_manager filter. wp_clear_auth_cookie is a pluggable function and also has a do_action hook.

So, to answer your question...

WordPress 5.1.1 didn't change anything that would cause a call to wp_logout() to throw a 302 redirect, but there are plenty of opportunities for other plugins or themes to cause this to occur.

We've recently just upgraded our WordPress site to 5.1.1

After the upgrade, we've started encountering issues when executing the wp_logout() function of WordPress. Somehow we're getting a 302 response but there is no error/warning being shown.

I've narrowed it inside the wp_logout() and determined that both wp_destroy_current_session(); and wp_clear_auth_cookie(); are working fine!

This means that the error happens when the last line in wp_logout() is called:

do_action( 'wp_logout' );

My question is:

Is it possible to for external plugins to somehow corrupt the wp_logout action with functions that can break the flow and give a 302 or is there anything in 5.1.1 that affected wp_logout somehow?

We've recently just upgraded our WordPress site to 5.1.1

After the upgrade, we've started encountering issues when executing the wp_logout() function of WordPress. Somehow we're getting a 302 response but there is no error/warning being shown.

I've narrowed it inside the wp_logout() and determined that both wp_destroy_current_session(); and wp_clear_auth_cookie(); are working fine!

This means that the error happens when the last line in wp_logout() is called:

do_action( 'wp_logout' );

My question is:

Is it possible to for external plugins to somehow corrupt the wp_logout action with functions that can break the flow and give a 302 or is there anything in 5.1.1 that affected wp_logout somehow?

• logout

Share Improve this question edited Apr 2, 2019 at 14:36 Fayaz 9,01722 gold badges3333 silver badges5151 bronze badges asked Apr 2, 2019 at 14:26 jkvgojkvgo 2911 bronze badge 3

• Welcome to WordPress StackExchange! I'd try to narrow this down in a copy of the affected site. Switch of plugins one by one and retest. – norman.lol Commented Apr 2, 2019 at 14:36
• 1 302 is used at times to redirect users – Tom J Nowell ♦ Commented Apr 2, 2019 at 14:52
• Well yes. add_action( 'wp_logout', function() { wp_redirect( home_url() ); die(); }); would do it. – Rup Commented Apr 2, 2019 at 15:22

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 2

A lot has changed in 5.1/5.1.1, but the changes I'm seeing in WordPress core wouldn't cause 302 redirects on their own.

1. wp_logout is pluggable

wp_logout is a pluggable function. That means anyone can override this function and cause it to do something different because the function is wrapped in a condition checking for other functions with the same name. Here's the contents of wp_logout:

if ( ! function_exists( 'wp_logout' ) ) :
    wp_destroy_current_session();
    wp_clear_auth_cookie();

    /**
     * Fires after a user is logged-out.
     *
     * @since 1.5.0
     */
    do_action( 'wp_logout' );
endif;

2. wp_logout calls a do_action hook

The last part of the function is calling a do_action which anyone can use to add to the function, including redirects.

3. wp_logout calls other functions

wp_logout calls wp_destroy_current_session and wp_clear_auth_cookie. Either of these could complicate things as well. wp_destroy_current_session is able to be modified to use other systems like Redis storage or other methods via the session_token_manager filter. wp_clear_auth_cookie is a pluggable function and also has a do_action hook.

So, to answer your question...

WordPress 5.1.1 didn't change anything that would cause a call to wp_logout() to throw a 302 redirect, but there are plenty of opportunities for other plugins or themes to cause this to occur.

本文标签： logoutwplogout() changes in WordPress 511