From f4ae1674e8bf28f40471bb6352ece2d95498172e Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 26 Mar 2023 14:05:15 +0100
Subject: [PATCH] Increase debugging information for
 auth_cookie_bad_session_token

---
 login-debug.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/login-debug.php b/login-debug.php
index b2f67e1..cfae8f0 100644
--- a/login-debug.php
+++ b/login-debug.php
@@ -37,6 +37,14 @@ add_action('auth_cookie_bad_hash', 'debug_login_auth_cookie_bad_hash');
 function debug_login_auth_cookie_bad_session_token($cookie_elements) {
     $username = $cookie_elements['username'];
     $token = $cookie_elements['token'];
-    error_log("LOGIN: auth_cookie_bad_session_token: username={$username} token={$token}");
+
+    // Try to see if the validation fails because of session_tokens usermeta attribute.
+    $user = get_user_by('login', $username);
+    $manager = WP_Session_Tokens::get_instance( $user->ID );
+    $verifier = $manager->hash_token($token);
+    $sessions = $manager->get_sessions();
+    $session_names = implode(",", array_keys($sessions));
+
+    error_log("LOGIN: auth_cookie_bad_session_token: username={$username} token={$token} verifier={$verifier} sessions={$session_names}");
 }
 add_action('auth_cookie_bad_session_token', 'debug_login_auth_cookie_bad_session_token');
-- 
GitLab