Why WordPress not logout after I have close my browser?

The default login cookie has expiry time as "session", so suppose when I close my browser, I need to login again when I visit wp-admin.

But I've found that serveral time I've closed my browser (kill the chrome manually), and when I come back I still able to login without login.

What would be the reason?

Update: Only chrome has this issue, Firefox / Safrai are okay.

I tested under Mac, close the browser fist and additional Quit the app to make sure the browser is not running. Both FF/Safrai will require me to login again, but Chrome still saved the session after I closed and browser and Quit-ed the app.

Topic session cookies wp-admin security login Wordpress

Category Web

1
answered at

I used this code in wordpress functions.php, to auto logout customer/user after payment in woocommerce or close the browser

function logged_in( $expirein ) {
   return 6; // 6 in seconds
}
add_filter( 'auth_cookie_expiration', 'logged_in' );

function wp_logout2() {
    wp_destroy_current_session();
    wp_clear_auth_cookie();

    /**
     * Fires after a user is logged-out.
     *
     * @since 1.5.0
     */
    do_action( 'wp_logout2' );
}

function wpse108399_change_cookie_logout( $expiration, $user_id, $remember ){
    if( $remember && user_can( $user_id, 'administrator' ) ){
        $expiration = 604800;// yes, I know this is 1 minute
    }
    if( $remember && user_can( $user_id, 'editor' ) ){
        $expiration = 604800;// yes, I know this is 1 minute
    }
    }
    return $expiration;
}
add_filter( 'auth_cookie_expiration','wpse108399_change_cookie_logout', 10, 3 );

/**
 * Bypass logout confirmation.
 */
function iconic_bypass_logout_confirmation() {
    global $wp;

    if ( isset( $wp->query_vars['customer-logout'] ) ) {
            wp_redirect( str_replace( '&', '&', wp_logout_url( wc_get_page_permalink( 'myaccount' ) ) ) );
        exit;
    }
}

add_action( 'template_redirect', 'iconic_bypass_logout_confirmation' );

A part of this code it's for increase expiration time to administrators of wordpress or other kinds of user 

function wpse108399_change_cookie_logout( $expiration, $user_id, $remember ){
    if( $remember && user_can( $user_id, 'administrator' ) ){
        $expiration = 604800;// yes, I know this is 1 minute
    }
    if( $remember && user_can( $user_id, 'editor' ) ){
        $expiration = 604800;// yes, I know this is 1 minute
    }
    }
    return $expiration;
}
add_filter( 'auth_cookie_expiration','wpse108399_change_cookie_logout', 10, 3 );

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.