The Magic Login plugin makes logging in easy by using “magic links” instead of passwords. When a user logs in, their login session duration (the amount of time they stay logged in without needing to log in again) is controlled by a WordPress filter called auth_cookie_expiration. This guide explains what login session duration is and how you can customize it for your site.
What is Login Session Duration?
Login session duration is the amount of time a user stays logged in after using the magic link. Magic Login sets this duration automatically, ensuring users can stay logged in for a convenient amount of time. Developers or site administrators can customize how long users stay logged in by using WordPress’s built-in settings.
How Does Magic Login Handle Session Duration?
By default, Magic Login sets the login session as if the “Remember Me” option is checked. This means users stay logged in longer, providing a smooth experience. However, you can adjust this duration based on your needs.
Customizing Login Session Duration with a Filter
WordPress allows developers to customize login session durations with a special filter called auth_cookie_expiration. This filter lets you change how long users stay logged in, based on specific conditions like their preferences or user role.
The filter provides three pieces of information you can use:
- $expiration: The default duration of the login session (in seconds).
- $user_id: The ID of the user logging in.
- $remember: Whether the “Remember Me” option is considered active.
Example: Adjusting Session Duration
Here’s how you can customize the login session duration by adding this code to your theme’s functions.php file or a custom plugin:
```php
add_filter( 'auth_cookie_expiration', 'my_custom_cookie_expiration', 10, 3 );

function my_custom_cookie_expiration( $expiration, $user_id, $remember ) {
    // Extend session to 3 months if "Remember Me" is active.
    // Magic Login logs users in as if "Remember Me" is checked,
    // so this branch applies to magic link logins by default.
    if ( $remember ) {
        return 3 * MONTH_IN_SECONDS; // 3 months
    }

    // Otherwise, set session duration to 1 month
    return MONTH_IN_SECONDS; // 1 month
}
```
Example: Different Durations for Admins
```php
add_filter( 'auth_cookie_expiration', 'role_based_cookie_expiration', 10, 3 );

function role_based_cookie_expiration( $expiration, $user_id, $remember ) {
    // get_userdata() returns false for an unknown ID, so check before reading roles.
    $user = get_userdata( $user_id );

    // Shorter duration for administrators
    if ( $user && in_array( 'administrator', (array) $user->roles, true ) ) {
        return 7 * DAY_IN_SECONDS; // 1 week
    }

    // Default for all other users
    return $remember ? 3 * MONTH_IN_SECONDS : MONTH_IN_SECONDS;
}
```
Why Customize Login Session Duration?
Here are some reasons you might want to adjust the session duration:
- User Experience: Let users stay logged in longer for convenience.
- Security: Shorten session durations for sensitive accounts, like administrators.
- Business Needs: Match session lengths to your site’s use cases, such as frequent or occasional logins.
How to Test Your Changes
- Add the filter code to your site.
- Log in as a user and confirm the session duration matches your settings.
- Use browser tools to check the expiration date of the login cookie.
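To make the last step concrete, here is an added example (not part of the Magic Login documentation or plugin code) that reads the expiry WordPress core embeds in the login cookie value, which has the form user_login|expiration|token|hmac, and compares it with the duration your filter should return. The function names, the 60-second tolerance and the sample cookie are constructed for illustration; core sets the browser-side Expires 12 hours past the embedded expiry when “Remember Me” is active and issues a session cookie otherwise.

```javascript
// Added example: audit a copied WordPress login cookie against the intended lifetime.
const HOUR = 3600;
const DAY = 24 * HOUR;
// Core sets the browser-side Expires this far past the embedded expiry when "Remember Me" is on.
const GRACE = 12 * HOUR;

// Core builds the auth cookie value as user_login|expiration|token|hmac (URL-encoded in the browser).
function parseAuthCookie(rawValue) {
  const parts = decodeURIComponent(rawValue).split('|');
  if (parts.length !== 4) {
    throw new Error('expected 4 pipe-separated fields, got ' + parts.length);
  }
  const [login, exp, token, hmac] = parts;
  if (!/^\d+$/.test(exp)) {
    throw new Error('expiration field is not a Unix timestamp');
  }
  return { login, expiration: Number(exp), token, hmac };
}

// loginTime:       Unix seconds when the magic link was used.
// browserExpires:  Unix seconds from the DevTools "Expires" column, or null for a session cookie.
// expectedSeconds: the value your auth_cookie_expiration callback should return for this user.
function checkSessionDuration(rawValue, loginTime, browserExpires, expectedSeconds, tolerance = 60) {
  const { expiration } = parseAuthCookie(rawValue);
  const actualSeconds = expiration - loginTime;
  const remembered = browserExpires !== null;
  return {
    actualSeconds,
    matchesFilter: Math.abs(actualSeconds - expectedSeconds) <= tolerance,
    remembered,
    // A remembered login should expire in the browser one grace period after the server-side expiry.
    browserExpiryConsistent:
      !remembered || Math.abs(browserExpires - (expiration + GRACE)) <= tolerance,
  };
}

// Constructed sample: an administrator logged in at 1700000000 and the filter returns 7 days.
const sampleCookie = 'admin%7C1700604800%7CTOKEN_PLACEHOLDER%7CHMAC_PLACEHOLDER';
const report = checkSessionDuration(sampleCookie, 1700000000, 1700604800 + GRACE, 7 * DAY);
console.log(report);
```

Paste the value of the wordpress_logged_in_<hash> cookie from the browser's storage inspector (it is HttpOnly, so page scripts cannot read it) and run the check locally, since the value is a live session credential.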