In Magic Login, the lifespan of login links can be crucial for maintaining both usability and security. By default, Magic Login sets a standard token TTL (Time To Live) for all users. However, there might be scenarios where different users require different token lifespans based on their roles or capabilities. To handle such cases, Magic Login provides a filter magic_login_token_ttl_by_user that allows you to adjust the TTL dynamically.
Using the Filter #
magic_login_token_ttl_by_user filter allows you to change the token TTL based on user-specific conditions. The following example demonstrates how to adjust the token TTL for users based on their capabilities:
add_filter( 'magic_login_token_ttl_by_user', function ( $ttl, $user_id ) {
// Check if the user has the 'update_core' capability
if ( user_can( $user_id, 'update_core' ) ) {
return 5; // Set a custom TTL of 5 minutes for users who can update the core
}
return $ttl; // Return the default TTL for other users
}, 10, 2 );
Parameters #
$ttl(int): The default token TTL value.$user_id(int): The ID of the user for whom the token is being generated.
Description #
In the provided code snippet, the function checks if the user has the update_core capability—a capability generally assigned to administrators. If the user has this capability, the function sets a custom TTL of 5 minutes. This adjustment ensures that more privileged users have a shorter token lifespan, potentially tightening security where necessary.
For users without the update_core capability, the filter returns the default TTL, ensuring that regular users experience standard login behavior.
Hooking to the Filter #
To incorporate this filter, add the provided PHP code snippet to your theme’s functions.php file or a site-specific plugin. This setup will ensure the custom TTL logic is executed during the Magic Login process.