From 11891f9eab035944e8845625c5e674a474c5cf7b Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 26 Mar 2023 21:59:04 +0100
Subject: [PATCH] Debug session_tokens without using protected functions

---
 login-debug.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/login-debug.php b/login-debug.php
index cfae8f0..c2345a0 100644
--- a/login-debug.php
+++ b/login-debug.php
@@ -41,8 +41,9 @@ function debug_login_auth_cookie_bad_session_token($cookie_elements) {
     // Try to see if the validation fails because of session_tokens usermeta attribute.
     $user = get_user_by('login', $username);
     $manager = WP_Session_Tokens::get_instance( $user->ID );
-    $verifier = $manager->hash_token($token);
-    $sessions = $manager->get_sessions();
+    $verifier = hash('sha256', $token);
+    //$sessions = $manager->get_sessions();
+    $sessions = get_user_meta($user->ID, 'session_tokens', true);
     $session_names = implode(",", array_keys($sessions));
 
     error_log("LOGIN: auth_cookie_bad_session_token: username={$username} token={$token} verifier={$verifier} sessions={$session_names}");
-- 
GitLab