I can see two cookies: auth and login cookies in wordpress. Why do we need two?
I think one is enough.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
“On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. It’s use is limited to the admin console area, /wp-admin/
After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.”
When in doubt, check the Codex first.
Method 2
I believe the two cookies are to do with SSL. When using the admin area you want it secure and so you cannot have the authentication cookie details always presented to everyone on your site (such as non-SSL connections). However there are times you want to be known as logged in but not using the secure connection. So by separating them you can edit your site with the auth cookie details and remain logged in across the entire site with the logged in cookie.
http://codex.wordpress.org/WordPress_Cookies
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0