Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Grab username from WP Cookie

by htmanning (Pilgrim)
on Mar 31, 2020 at 04:45 UTC ( #11114825=perlquestion: print w/replies, xml ) Need Help??

htmanning has asked for the wisdom of the Perl Monks concerning the following question:

Monks,

I don't know if this is possible, but I need to grab a Wordpress user's username from the cookie once they are logged in. I will pass that to another Perl based part of the site. There are 3 cookies with the username followed by some hash. I'm not having much luck finding a way to read it when I won't know the cookie name ahead of time. Any ideas?

Replies are listed 'Best First'.
Re: Grab username from WP Cookie
by Your Mother (Archbishop) on Mar 31, 2020 at 05:21 UTC

    You should show the full cookies here; you can get them out of any dev panel. It would be an egregious security error to put the user name in the cookie though so I’d be surprised if it’s there in any WP version that is even remotely modern. Passing around authentication from one codebase to another based on nothing but a cookie name or value without confirmation—secure, current, valid session lookup—would also be entirely heinous.

Re: Grab username from WP Cookie
by jcb (Parson) on Apr 01, 2020 at 01:40 UTC

    It is possible, but your Perl code will need access to the Wordpress database to look up the session. As another monk mentioned, you cannot depend on the cookie alone and must look up the user's session in the database. Cookies can be faked and trusting a username from a cookie is asking for malicious visitors to abuse your site.

      This is on a private server with no risk of data loss. It's a very simple reservations system and I'm trying to use the Wordpress login instead of making people login again. I just need the username, not the password.

      How would I look up the session without reading the cookie? Not sure how this would work.

      Thanks.

        You have to use the cookie as a search key to look up the session information wherever WordPress stores it. You need the cookie, but the cookie is an opaque token rather something you meaningfully read to extract information.

        Are you asking how to get the cookie in the first place? Is this system on the same domain, such that the user's browser will send the WordPress cookie?

Re: Grab username from WP Cookie
by bliako (Monsignor) on Apr 01, 2020 at 08:54 UTC

    not WP-specific but wouldn't one usually store a session-id (a long random string) into a cookie and then each page you navigate to asks for the cookies, extracts that session-id, and enquires the (server-side) database about the user's details?

A reply falls below the community's threshold of quality. You may see it by logging in.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://11114825]
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (3)
As of 2022-01-22 20:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (63 votes). Check out past polls.

    Notices?