I have two wordpress installations: a single one and a multisite with subdirectories. On both my users can logout with the url:
[URL to]/wp-login.php?action=logoutredirect_to=%2Fmydir%2F_wpnonce=[some_code]
This works on the single site without confirmation, but on the site within the multisite it doesn't. Here the user needs to confirm the logout.
How can I bypass the confirmation?
Thank you.
The structure of the urls from my Wordpress installations is
/wpone/ # Single site installation
/wptwo/ # Multisite installation with subdirectories
/wptwo/site1/
/wptwo/site2/
and so on. Furthermore, I have a directory
/site1/
on which I call via .htaccess the content of
/wptwo/site1/
When a user logs in, Wordpress set 3 cookies: wordpress_test_cookie, wordpress_logged_in and wordpress_sec. wordpress_test_cookie and wordpress_logged_in are valid only for /wptwo/site1/ and not for /site1/. This is checked during the generation of wpnonce. When I call /site1/logout/, it is not the same as /wptwo/site1/logout/. Logout via /wptwo/site1/logout/ works without confirmation.
Output the logout link with wc_logout_url() and it will be nonced and have no confirmation. The confirmation is a security measure.
You could also try adding the following to your functions.php or a plugin:
// Logout without confirmation.
function wpse_bypass_logout_confirmation() {
global $wp;
if ( isset( $wp->query_vars['customer-logout'] ) ) {
wp_redirect( str_replace( '&', '&', wp_logout_url( wc_get_page_permalink( 'myaccount' ) ) ) );
exit;
}
}
add_action( 'template_redirect', 'wpse_bypass_logout_confirmation' );
Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.