WordPress “logged_in” cookie not removed when logging out

I’m creating the frontend of a website in React which pulls in data from a WordPress installation that I use as a backend via the WordPress API, however due to some special requirements the login form must exist as a WordPress theme, so I have three things:

Frontend in React at http://example.com
Login frontend in WordPress (theme) at http://access.example.com/login
Backend in WordPress (admin) at http://access.example.com/wp-admin

What I want is that users who login via the WordPress theme are logged in the React frontend, and when they logout from the React frontend they are logged out from the WordPress theme.

In wp-config.php I have added the following:

define( ‘COOKIE_DOMAIN’, ‘.example.com’ )

This works well: when I login via the WordPress theme, the authentication cookie wordpress_logged_in_[hash] is set for both http://example.com (the React frontend) and http://access.example.com (the WordPress theme).

The problem is, when I logout from the React frontend, the cookie doesn’t get removed. To logout, I make an API call:

function my_logout() {
register_rest_route( ‘api’, ‘/logout’, array(
‘methods’ => ‘GET’,
‘callback’ => function() {
wp_logout();
}
));
}

So, for some reason, wp_logout() isn’t working. It’s sure firing ’cause if I return something from the callback function I can see it in the response of the API call.

My hunch is that there’s a problem with the domain, however since defining COOKIE_DOMAIN as needed makes login work, I would expect logout to work accordingly. Am I missing something?

Read more here:: WordPress “logged_in” cookie not removed when logging out

Leave a Reply

Your email address will not be published. Required fields are marked *