Fix the token re-use.

WordPress · Jan 16, 2025 · db653e9 · db653e9
1 parent e9b6dbd
commit db653e9
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
@@ -2780,8 +2780,6 @@ function wp_update_user( $userdata ) {
 	$current_user = wp_get_current_user();
 	if ( $current_user->ID === $user_id ) {
 		if ( isset( $plaintext_pass ) ) {
-			wp_clear_auth_cookie();
-
 			/*
 			 * Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
 			 * If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
@@ -2790,15 +2788,20 @@ function wp_update_user( $userdata ) {
 			/** This filter is documented in wp-includes/pluggable.php */
 			$default_cookie_life = apply_filters( 'auth_cookie_expiration', ( 2 * DAY_IN_SECONDS ), $user_id, false );
 
+			wp_clear_auth_cookie();
+
 			$remember = false;
 			$token    = '';
 
+			if ( false !== $logged_in_cookie ) {
+				$token = $logged_in_cookie['token'];
+			}
+
 			if ( false !== $logged_in_cookie && ( (int) $logged_in_cookie['expiration'] - time() ) > $default_cookie_life ) {
 				$remember = true;
-				$token    = $logged_in_cookie['token'];
 			}
 
-			wp_set_auth_cookie( $user_id, $remember, $token );
+			wp_set_auth_cookie( $user_id, $remember, '', $token );
 		}
 	}