February 11, 2011 
Definition:
function auth_redirect() {}
Checks if a user is logged in, if not it redirects them to the login page.
Defined filters
- secure_auth_redirect
apply_filters('secure_auth_redirect', $secure) - auth_redirect_scheme
apply_filters( 'auth_redirect_scheme', '' )
Defined actions
- auth_redirect
do_action('auth_redirect', $user_id);
Source code
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
$secure = ( is_ssl() || force_ssl_admin() );
$secure = apply_filters('secure_auth_redirect', $secure);
// If https is required and request is http, redirect
if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
} else {
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
}
if ( is_user_admin() )
$scheme = 'logged_in';
else
$scheme = apply_filters( 'auth_redirect_scheme', '' );
if ( $user_id = wp_validate_auth_cookie( '', $scheme) ) {
do_action('auth_redirect', $user_id);
// If the user wants ssl but the session is not ssl, redirect.
if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
} else {
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
}
return; // The cookie is good so we're done
}
// The cookie is no good so force login
nocache_headers();
if ( is_ssl() )
$proto = 'https://';
else
$proto = 'http://';
$redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$login_url = wp_login_url($redirect, true);
wp_redirect($login_url);
exit();
}
547
A HitchHackers guide through WordPress 
Hi there;
i already asked this question at the official WP forum; but without any luck.
I just installed 3.2.1, fresh install, no plugins. My problem is that this function `auth_redirect()` will always fail at the 3rd if(), kicking me back to the login screen.
In the function code it says `if ( $user_id = wp_validate_auth_cookie( ”, $scheme) )` – but i dont see $user_id declared anywhere in this function – not via `global $user_id` and not via `$user_id = …`, or am i missing something?
Is this a bug, or where is $user_id set?
As you can see at https://hitchhackerguide.com/2011/02/12/wp_validate_auth_cookie/ the wp_validate_auth_cookie function would validate the cookie and return the user_id on success. You should try clearing your cookies, sometimes they might get messed up during development.
You could try an incognito window in Chrome to check if the cookie causes the problem.
Ah thanks,
Cookies are set in the browser, but the corresponding session files in \tmp\ are empty (0 Bytes). Think its some session issue with my webserver config here – have to set it up on Windows/IIS; but it works as expected on my other XAMPP installation.
And function wp_validate_auth_cookie() returns the $user_id – i did read that line as `if ( $user_id == …` before 🙂