{"id":168420,"date":"2023-01-10T16:58:13","date_gmt":"2023-01-10T16:58:13","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/biscotti\/"},"modified":"2026-05-16T21:38:28","modified_gmt":"2026-05-16T21:38:28","slug":"biscotti","status":"publish","type":"plugin","link":"https:\/\/tuk.wordpress.org\/plugins\/biscotti\/","author":296844,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"3.0.0","stable_tag":"3.0.0","tested":"7.0","requires":"6.0","requires_php":"8.0","requires_plugins":null,"header_name":"Biscotti","header_author":"Jason Cosper","header_description":"Biscotti makes your user's login cookie a little bit longer.","assets_banners_color":"714b39","last_updated":"2026-05-16 21:38:28","external_support_url":"","external_repository_url":"","donate_link":"http:\/\/paypal.me\/boogah","header_plugin_uri":"https:\/\/github.com\/boogah\/biscotti","header_author_uri":"https:\/\/jasoncosper.com\/","rating":5,"author_block_rating":0,"active_installs":20,"downloads":1330,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.0.2":{"tag":"2.0.2","author":"boogah","date":"2023-01-10 17:00:05"},"2.0.3":{"tag":"2.0.3","author":"boogah","date":"2023-03-23 17:55:27"},"2.1.0":{"tag":"2.1.0","author":"boogah","date":"2024-07-16 17:10:42"},"3.0.0":{"tag":"3.0.0","author":"boogah","date":"2026-05-16 21:38:28"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3079956,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3079956,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":2846291,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":2846291,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.0.2","2.0.3","2.1.0","3.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[710,389,602,435,14950],"plugin_category":[38,43],"plugin_contributors":[80079,78461],"plugin_business_model":[],"class_list":["post-168420","plugin","type-plugin","status-publish","hentry","plugin_tags-authentication","plugin_tags-cookies","plugin_tags-login","plugin_tags-profile","plugin_tags-session","plugin_category-authentication","plugin_category-customization","plugin_contributors-boogah","plugin_contributors-webaware","plugin_committers-boogah"],"banners":{"banner":"https:\/\/ps.w.org\/biscotti\/assets\/banner-772x250.jpg?rev=2846291","banner_2x":"https:\/\/ps.w.org\/biscotti\/assets\/banner-1544x500.jpg?rev=2846291","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/biscotti\/assets\/icon-128x128.png?rev=3079956","icon_2x":"https:\/\/ps.w.org\/biscotti\/assets\/icon-256x256.png?rev=3079956","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Biscotti is a plugin that modifies the expiration of the logged in user cookie in WordPress. Choose from the default WordPress expiration (14 days), three months (90 days), six months (180 days), or one year (365 days). Because some people hate to have to keep entering their passwords.<\/p>\n\n<h4>Features<\/h4>\n\n<ul>\n<li>Per-user cookie expiration settings<\/li>\n<li>Four expiration options: default, 3 months, 6 months, 1 year<\/li>\n<li>WP-CLI support for managing settings programmatically<\/li>\n<li>Fully translatable with i18n support<\/li>\n<li>Secure implementation with CSRF protection<\/li>\n<li>Clean uninstall that removes all plugin data<\/li>\n<\/ul>\n\n<h4>Security<\/h4>\n\n<p>Version 3.0.0 includes critical security improvements:\n* CSRF protection with nonce verification\n* Input validation with whitelist checking\n* Strict type comparisons throughout\n* Modern PHP 8.0+ type hints<\/p>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.0 or higher<\/li>\n<li>PHP 8.0 or higher<\/li>\n<\/ul>\n\n<h3>WP-CLI Commands<\/h3>\n\n<p>As of version 2.1.0, Biscotti includes WP-CLI commands for managing a user's logged in session cookie expiration.<\/p>\n\n<h4>Get a user's cookie expiration<\/h4>\n\n<pre><code>wp biscotti get &lt;user_id&gt;\n<\/code><\/pre>\n\n<p>Retrieves the current cookie expiration setting for a user.<\/p>\n\n<p>Example:\n    wp biscotti get 123<\/p>\n\n<h4>Set a user's cookie expiration<\/h4>\n\n<pre><code>wp biscotti set &lt;user_id&gt; &lt;expiration&gt;\n<\/code><\/pre>\n\n<p>Sets the logged in session cookie expiration for a user.<\/p>\n\n<p>Parameters:\n* <code>&lt;user_id&gt;<\/code> \u2014 The ID of the user\n* <code>&lt;expiration&gt;<\/code> \u2014 One of: <code>default<\/code>, <code>3 months<\/code>, <code>6 months<\/code>, <code>1 year<\/code><\/p>\n\n<p>Examples:\n* Set to 1 year: <code>wp biscotti set 123 '1 year'<\/code>\n* Reset to default: <code>wp biscotti set 123 default<\/code><\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>biscotti<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Navigate to your user profile (Users \u2192 Profile) to configure your cookie expiration<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20use%20this%20plugin%3F\"><h3>How do I use this plugin?<\/h3><\/dt>\n<dd><p>Once activated, go to Users \u2192 Profile in the WordPress dashboard. You'll see a new \"Login Cookie Expiration\" section where you can choose from four options:\n* Default (14 days) - WordPress standard\n* 3 months (90 days)\n* 6 months (180 days)\n* 1 year (365 days)<\/p>\n\n<p>After changing this setting, log out and back in for the change to take effect.<\/p><\/dd>\n<dt id=\"can%20i%20set%20different%20expirations%20for%20different%20users%3F\"><h3>Can I set different expirations for different users?<\/h3><\/dt>\n<dd><p>Yes! Each user can set their own preferred cookie expiration on their individual profile page.<\/p><\/dd>\n<dt id=\"what%20happens%20to%20my%20data%20if%20i%20uninstall%20the%20plugin%3F\"><h3>What happens to my data if I uninstall the plugin?<\/h3><\/dt>\n<dd><p>Starting with version 3.0.0, Biscotti includes proper uninstall cleanup. When you delete the plugin through WordPress, all user meta data created by Biscotti will be automatically removed from your database.<\/p><\/dd>\n<dt id=\"can%20i%20manage%20this%20via%20wp-cli%3F\"><h3>Can I manage this via WP-CLI?<\/h3><\/dt>\n<dd><p>Yes! Since version 2.1.0, you can use <code>wp biscotti get<\/code> and <code>wp biscotti set<\/code> commands. See the WP-CLI Commands section for details.<\/p><\/dd>\n<dt id=\"is%20this%20plugin%20secure%3F\"><h3>Is this plugin secure?<\/h3><\/dt>\n<dd><p>Version 3.0.0 includes significant security improvements including CSRF protection, input validation, and modern security best practices. The plugin has been hardened against common vulnerabilities.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>3.0.0<\/h4>\n\n<p><strong>Major Security &amp; Feature Update<\/strong><\/p>\n\n<ul>\n<li><strong>CRITICAL SECURITY FIX:<\/strong> Added CSRF protection with nonce verification on profile form submissions<\/li>\n<li><strong>SECURITY:<\/strong> Added input validation with whitelist checking for all user inputs<\/li>\n<li><strong>SECURITY:<\/strong> Added user existence validation in WP-CLI commands<\/li>\n<li><strong>SECURITY:<\/strong> Changed all loose comparisons to strict comparisons throughout<\/li>\n<li><strong>NEW:<\/strong> Added \"Default (14 days)\" option to allow users to revert to WordPress standard expiration<\/li>\n<li><strong>NEW:<\/strong> Added full internationalization (i18n) support with text domain<\/li>\n<li><strong>NEW:<\/strong> Enhanced form descriptions with clearer explanations<\/li>\n<li><strong>NEW:<\/strong> Added uninstall.php for proper database cleanup on plugin deletion<\/li>\n<li><strong>IMPROVED:<\/strong> WP-CLI commands now have better output formatting and validation<\/li>\n<li><strong>IMPROVED:<\/strong> Added PHP 8.0+ type hints throughout codebase<\/li>\n<li><strong>IMPROVED:<\/strong> Added comprehensive PHPDoc blocks<\/li>\n<li><strong>IMPROVED:<\/strong> Form markup updated with ARIA roles for accessibility<\/li>\n<li><strong>IMPROVED:<\/strong> Code organization with constants for all magic strings<\/li>\n<\/ul>\n\n<h4>2.1.0<\/h4>\n\n<p>Added WP-CLI command. Bumped required PHP version to 8.0.<\/p>\n\n<h4>2.0.3<\/h4>\n\n<p>@webaware has decided to help make this code less awful and submitted a pull request on GitHub. This release implements their improvements.<\/p>\n\n<h4>2.0.2<\/h4>\n\n<p>Sanitize. Not escape. Ack!<\/p>\n\n<h4>2.0.1<\/h4>\n\n<p>Forgot to escape the lone <code>$_POST<\/code> in my code. Feel dumb about it. Fixed now tho.<\/p>\n\n<h4>2.0.0<\/h4>\n\n<p>Rewrite! Now, instead of forcing <em>everyone<\/em> to use the same login cookie expiration, Biscotti allows users to individually select their login cookie expiration on their profile page.<\/p>\n\n<h4>1.0.0<\/h4>\n\n<p>Initial release. Simple plugin that forced login cookie expiration for every user to 1 year.<\/p>","raw_excerpt":"Biscotti makes your user&#039;s login cookie a little bit longer.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/168420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=168420"}],"author":[{"embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/boogah"}],"wp:attachment":[{"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=168420"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=168420"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=168420"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=168420"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=168420"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tuk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=168420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}