WordPress.org
Get WordPress

Making WordPress.org

Changeset 12556


Ignore:
Timestamp:
04/24/2023 06:20:49 AM (3 years ago)
Author:
dd32
Message:

Login: SSO: When validating SSO tokens for logging into non-wordpress.org domains, respect the session token (if present).

File:
1 edited

Legend:

Unmodified
Added
Removed

  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r12431 r12556  
    749749            if ( $user ) {
    750750                $valid_hash = hash_equals(
    751                     $this->_generate_remote_token_hash( $user, $valid_until, $remember_me ),
     751                    $this->_generate_remote_token_hash( $user, $valid_until, $remember_me, $session_token ),
    752752                    $sso_hash
    753753                );
Note: See TracChangeset for help on using the changeset viewer.