WordPress: when I added an authenticate filter, the logout process got really slow

I need to sync my WP with an ERP right after the login button is pressed. Basically you type username and password, before WordPress does what it has to do I perform a few things.

So basically I did this:

Read More
function intercetta_login($user, $username, $password) {

    global $ecommerceFrontend;
    $ecommerceFrontend->intercetta_login($username);

    return $user;
}
add_filter( 'authenticate', 'intercetta_login', 30, 3 );

Everything works as expected, I’m completely happy with it. The problem is logging out. When this filter is ON logout takes about two minutes. When I turn this off it takes a couple of seconds (based on connection speed I don’t mind counting seconds, it’s just that 2 minutes makes me think of a problem).

I made an other test:

function intercetta_login($user) {

    $username = $user->data->user_login;

    global $ecommerceFrontend;
    $ecommerceFrontend->intercetta_login($username);

    return $user;
}   
add_filter('wp_authenticate_user', 'intercetta_login', 10, 1);  

In this case the logout process looks fine, but this is not working as I want: if a user exist on the ERP (but it doesn’t exist on WordPress) the function ends up with a login error (user dosn’t exist). I believe it’s happening later on, I need my to update things before WordPress does the normal autentication.

So question number 1 is: why my first solution works, but takes forever to logout?

Question number 2 is: why solution 2 have a wrong timing? should I use this by fixing the timing?

Thanks in advance guys!

Related posts

2 comments

  1. Possibly I found a workaround. The logoff was very slow because my function was called also during logout. I didn’t knew that, but basically I was entering my loop also during logout, and that was causing the issue. So basically I edited the code this way around:

    function intercetta_login($user, $username, $password) {
    
        if (!$_GET['loggedout']) {
    
            global $ecommerceFrontend;
            $ecommerceFrontend->intercetta_login($username);
        }
    
        return $user;
    }
    add_filter( 'authenticate', 'intercetta_login', 30, 3 );
    

    Basically during logout there is a $_GET variable set, if you exclude that variable properly you avoid entering the custom update functionality.

    It’s not awesome, but works.

    What I learned: add_filter( ‘authenticate’…) is called also during logout. Be aware of that, I took me a lot of time to figure that out.

    If anyone has a better solution feel free to answer.

  2. Filter ‘authenticate’ is called even when just visit URL with /wp-login.php.

    So better check if $username and $password are not empty in the begin of the function.

    if ($username == '' || $password == '') return $user;
    

Comments are closed.