Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Only appears when there are applicable sessions which can be cleared.

See #30264. Props jorbin, ocean90, johnbillion git-svn-id: https://develop.svn.wordpress.org/trunk@30333 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-01 11:14:36 +00:00 · 2014-11-13 15:20:42 +00:00
parent c55a06370b
commit d93bad3cd3
6 changed files with 131 additions and 6 deletions
--- a/src/wp-includes/session.php
+++ b/src/wp-includes/session.php
@@ -131,6 +131,19 @@ abstract class WP_Session_Tokens {
 		$session = apply_filters( 'attach_session_information', array(), $this->user_id );
 		$session['expiration'] = $expiration;

+		// IP address.
+		if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+			$session['ip'] = $_SERVER['REMOTE_ADDR'];
+		}
+
+		// User-agent.
+		if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+			$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+		}
+
+		// Timestamp
+		$session['login'] = time();
+
 		$token = wp_generate_password( 43, false, false );

 		$this->update( $token, $session );
@@ -383,10 +396,6 @@ class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
 	 * @param array $sessions Sessions.
 	 */
 	protected function update_sessions( $sessions ) {
-		if ( ! has_filter( 'attach_session_information' ) ) {
-			$sessions = wp_list_pluck( $sessions, 'expiration' );
-		}
-
 		if ( $sessions ) {
 			update_user_meta( $this->user_id, 'session_tokens', $sessions );
 		} else {