Security

John P. Bloch edited this page Jul 14, 2014 · 1 revision

Nonces

The WP Async Task library manages creating and validating its own nonces. It does not use core WordPress nonces because the nonce should not be tied to a user session, but rather to the task itself. Like core WordPress nonces, the library's nonces are invalidated every 24 hours and use the core wp_hash() function to generate the nonce from the time-based value, the task's action, and the name of the instance's class. Nonce validation occurs before the run_action() method is triggered, and the asynchronous request fails if the nonce validation fails.

User authentication

The library passes all cookies from the original request on to the asynchronous request. If you were logged in when the async request was initiated, you will be logged in for the async request too. Thus, you can also check for things like is_user_logged_in() and current_user_can() inside your asynchronous tasks.
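As an added example (not code from this wiki or from the library itself), a task that relies on the forwarded login: because the cookies, and therefore the user's capabilities, travel with the async request, run_action() re-checks current_user_can() instead of trusting the posted data. The WP_Async_Task base class, its $action and $argument_count properties, prepare_data() and the exception-aborts-launch behaviour are assumed from the library's API as I know it (only run_action() is named on this page); the hook, capability and custom action name are assumptions chosen for illustration.

```php
<?php
// Added example, not part of the WP Async Task wiki or library code.
// Assumption: the library's abstract WP_Async_Task base class exposes an
// $action property, an $argument_count property, prepare_data() and
// run_action(); only run_action() is named on the wiki page.
class Example_Publish_Notify_Task extends WP_Async_Task {

    // Core action whose firing launches the async request (assumed hook);
    // transition_post_status passes three arguments.
    protected $action = 'transition_post_status';
    protected $argument_count = 3;

    // Runs in the original request: reduce the hook arguments to the minimal
    // data POSTed to the async request. Only a post ID is sent; the library
    // appends its own nonce. Assumption: throwing here aborts the launch.
    protected function prepare_data( $data ) {
        list( $new_status, $old_status, $post ) = $data;
        if ( 'publish' !== $new_status || ! ( $post instanceof WP_Post ) ) {
            throw new Exception( 'Not a publish transition; nothing to do' );
        }
        return array( 'post_id' => (int) $post->ID );
    }

    // Runs in the async request, after the library has validated its nonce.
    // The forwarded cookies mean the user from the original request is logged
    // in here, so capabilities are re-checked rather than assumed.
    protected function run_action() {
        $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
        if ( ! $post_id ) {
            return;
        }
        if ( ! is_user_logged_in() || ! current_user_can( 'edit_post', $post_id ) ) {
            // Fail closed: a forwarded session lacking the capability (or no
            // session at all) must not trigger privileged work.
            error_log( sprintf( 'Async task refused for post %d: insufficient capability', $post_id ) );
            return;
        }
        // Privileged work hangs off a custom action (assumed name) so that
        // listeners run only after both nonce and capability checks passed.
        do_action( 'wp_async_example_publish_notify', $post_id, get_current_user_id() );
    }
}

// Instantiating registers the task with the library's hooks.
new Example_Publish_Notify_Task();
```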