Introduce a $token argument to wp_set_auth_cookie() so session tokens can be reused by custom authentication implementations.

Props rmccue

Fixes 30247

Built from https://develop.svn.wordpress.org/trunk@32465


git-svn-id: http://core.svn.wordpress.org/trunk@32435 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/pluggable.php

@@ -822,13 +822,15 @@ if ( !function_exists('wp_set_auth_cookie') ) :
  * set, the cookies will be kept for 14 days or two weeks.
  *
  * @since 2.5.0
+ * @since 4.3.0 Added the `$token` parameter.
  *
  * @param int $user_id User ID
  * @param bool $remember Whether to remember the user
  * @param mixed $secure  Whether the admin cookies should only be sent over HTTPS.
  *                       Default is_ssl().
+ * @param string $token  Optional. User's session token to use for this cookie.
  */
-function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
+function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
 	if ( $remember ) {
 		/**
 		 * Filter the duration of the authentication cookie expiration period.
@@ -888,8 +890,10 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
 		$scheme = 'auth';
 	}
 
-	$manager = WP_Session_Tokens::get_instance( $user_id );
-	$token = $manager->create( $expiration );
+	if ( '' === $token ) {
+		$manager = WP_Session_Tokens::get_instance( $user_id );
+		$token   = $manager->create( $expiration );
+	}
 
 	$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
 	$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.3-alpha-32464';
+$wp_version = '4.3-alpha-32465';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.