Hello - I'm sorry to say, I don't know what was updated recently, but the site is currently operating with all up-to-date plugins, and Woo Commerce Shop Managers trying to use User Switching is now failing with 502 Bad Gateway error. Server logs aren't showing anything obvious that I can say relates to these events.

I love the fact that we can do this... however, I've recently come up with a new use case that I'm not sure is supported yet.

I'd like to allow some users to be able to switch to a specific user only. So while the ability to grant the switch_users capability can be granted to some users, that will only get me half-way to my goal. In a nutshell, I'd like to give some users the ability to switch_users but I don't want them to be able to use that capability later and switch to some other users, I want to only allow them to switch to a certain User ID. Is this possible?

In the example in your FAQ, we have access to the current user's ID that's attempting to switch users but it doesn't seem like we have access to the User ID of the user they're attempting to switch to which would have made my request possible.

~~I also cannot pass that variable through an anonymous filter function because I am getting it from an AJAX handler.~~ EDIT: Well I'll be damned! Turns out my AJAX handler was never executing because I had named it switch_to_user hahahaha. Ignore me then, the anonymous filter works just fine in the AJAX handler.

Hi,

I'm hitting the following error message on PHP 7.3.5: Use of undefined constant USER_SWITCHING_OLDUSER_COOKIE - assumed 'USER_SWITCHING_OLDUSER_COOKIE' (this will throw an Error in a future version of PHP)

That constant is defined in the plugins_loaded action, so it should be defined just fine ahead of time. Here is the relevant part of the stack, with the plugins_loaded call being run way back:

stack: Array(11)
0: "user_switching_clear_olduser_cookie()"
1: "do_action('wp_login')"
2: "xxxxxxxxxxxxxxxxxxxxxxx"
3: "apply_filters('determine_current_user')"
4: "_wp_get_current_user()"
5: "wp_get_current_user()"
6: "get_user_locale()"
7: "determine_locale()"
8: "load_plugin_textdomain()"
9: "Freemius::_load_textdomain()"
10: "do_action('plugins_loaded')"

The blanked out part above is a custom function of mine that checks for an SSO cookie and autologins the user if the cookie is valid. Here it is, simplified:

add_action('determine_current_user', function ( $user_id ) {
	$found_user = get_user_from_sso_cookie();
	if ( !empty( $found_user->ID ) ) {
		error_log( '<sso> LoggedIn: '.esc_attr( $found_user->user_email ) );
		wp_set_current_user( $found_user->ID );
		wp_set_auth_cookie( $found_user->ID );
		do_action( 'wp_login', $found_user->user_login, $found_user );
		return $found_user->ID;
	}
});

Note that the plugins works correctly apart from this error, I can still switch between users just fine, I just get this error in my logs from time to time. Ping me if you need more information, and thanks for your work on this plugin.

Cheers, Thomas

Since 3bb546800938e8ba4ef0bc1f97b50c108b9289bf the plugin uses current_user_can( 'switch_to_user', get_queried_object_id() ) and self::switch_to_url( get_queried_object() ) ) in the admin bar on author archives.

For some reason, queried_object is false in my environment when viewing an author archive and queried_object_id is 0.

This leads to a fatal error because of the strict type checking:

Uncaught TypeError: Argument 1 passed to user_switching::switch_to_url() must be an instance of WP_User, boolean given, called in /wp-content/plugins/user-switching/user-switching.php on line 487

While I am trying to figure out why this is the case (and why current_user_can( 'switch_to_user', 0 ) works), I thought I'd raise this here just in case.

It can't hurt to have some type checking before calling that function.

I'm using this plugin in a site that requires PHP Code Sniffer scans to pass before deployments. I needed to add some sanitization functions for that to happen. Can they be merged into master and released in Wordpress' repo?

Hi @johnbillion,

I'm a happy, long-time User Switching user that thought it would be neat to allow disabling the user switching on front end with a filter within the plugin so I made this pull request.

What I currently do to achieve this is the following:

<?php
function disable_user_switching_in_footer() {
    if ( array_key_exists( 'user_switching', $GLOBALS ) ) {
      remove_action( 'wp_footer', array( $GLOBALS['user_switching'], 'action_wp_footer' ) );
    }
}
add_action( 'init', 'disable_user_switching_in_footer' );

And with this change developers could do this instead:

<?php
add_filter( 'user_switching_in_footer', '__return_false' );

PS: In the diff view I can see that my indentation seems wrong compared to your code. I don't have much experience contributing to other people's projects so I hope I do this right. 😊

Hello,

We are setting the COOKIE_DOMAIN in wp-config.php to allow support for subdomains. For example:

define( 'COOKIE_DOMAIN', '.mysite.com' );

This appears to break the user switching plugin. Specifically, we receive a 404 or "could not switch users" error when trying to switch.

Do you know of any workaround for this?

Thanks! Neil

With some more backend uses of the plugin the ability to selectively allow a user to switch users is preferable to permanently or temporarily assigning the capability to users that normally wouldn't be able to.

Use Case (n=1):

A site with a front-end dashboard that allows those with administrator roles to switch between users for customer service or other administrative duties as needed.

Currently when on another user's dashboard you have to switch back to the administrator to then switch to a different user.

I've updated to 1.0 across all my sites, it's working fine on most, but on some sites when I switch into a user I see the 'Switched to...' message but there is no 'Switch back to...' link, either in the message div or in the toolbar user dropdown. The message div is also not showing the icon.

I put some error logging in there and it looks like the conditional in the user_switching_get_olduser_cookie function is always failing.

I've cleared out all cookies and tried again, but it's still not working.

I can see that the two cookies (wordpress_user_switching_HASH and wordpress_user_switching_olduser_HASH) both exist and neither is empty.

We have a user role "Shop Manager" for those who actually manage orders for customers. They do not have full admin privileges.

After 1.4.0 they did not see "Switch to" link anymore.

Long story short it turns out that their account needed "switch_users" capability which however did not exist. After we created that capability and enabled it for the user role Shop Manager they can now user Switch to feature again.

It was not at all obvious that a "switch_users" capability must be created manually in order for this functionality to work.

I'm not sure how many people would find this useful, but sometimes I wish there was an option to make the current switch permanent, e.g. in the notice displayed by user_switching::action_admin_notices().

This could be a simple link that, when clicked, calls user_switching_set_olduser_cookie() to remove information about the old user.

There could also be a new $permanent param for switch_to_user().

If such an addition doesn't sound like a good fit for the plugin, a filter inside user_switching::action_admin_notices() could already be useful to add such a link on my own.

There appears to be a bug in WordPress 6.1 which prevents the plugin translations from loading when displaying the confirmation message to a user in a language other than the current page language.

To reproduce, follow the test steps in the SwitchToEnglishCest acceptance test (which is failing on 6.1 because of this) and observe the message is output in the current page language instead of the language of the user you just switched from.

git bisect tells me that 54682 is to blame.

https://core.trac.wordpress.org/ticket/57116

As requested by audbennett on https://wordpress.org/support/topic/show-in-use/

Customers email orders to us in a shared mailbox so that anyone in the company can read the email and enter the order. However, what’s been happening a lot is that two people will get it at the same time (because outlook hasn’t marked it as “read” yet) and both of us will start entering it using the “Switch To” feature. Is it possible to set an alert on the backend “Users screen” that will alert you when someone else is already logged in as that user?

I quite like the idea of alerting a user when they attempt to switch to a user account into which somebody else is currently switched. I can see this being beneficial on sites that make heavy use of switching.

Rather than showing a message on the Users screen it should be shown at the point where the user clicks "Switch to", otherwise you'd still get a condition where two users load the Users screen in quick succession and neither are shown that another user has switched into any given account.

When a user switches, if another user is currently switched into that account then an "Are you sure?" message should be shown (probably via wp_die()) with the option to proceed or go back. The WordPress user session API can be used to check if there's another active session for the target user with a switched_from_id field present.

A slightly annoying behaviour is that when switching users from the post editing screen, the post lock isn't released and you see the "This post is being edited by X" modal, and you need to take over.

User Switching should release the post lock when switching between users from this screen.

Steps to reproduce:

• Switch to a user
• Edit a post
• Use the "Switch back" option in the user profile menu
• See the post locked modal

Ideally when the user is switched, all of the messages that get output by User Switching would be shown in the original user's language instead of the language that the user just switched to. This allows a user to switch to another user who uses a language they don't understand, and still be able to see and use User Switching's controls in their own language.

Unfortunately this is blocked by two core bugs:

• [ ] https://core.trac.wordpress.org/ticket/47547
• [x] https://core.trac.wordpress.org/ticket/39210

I'm using Bedrock which puts Wordpress in it's own subdirectory. Part of this setup is to change the site url like the following:

define('WP_SITEURL', "http://site.com/wp");

This works fine along with the user swithing plugin. However I have also defined a custom login page by implementing the login_url filter.

So instead of the built-in login page http://site.com/wp/wp-login.php my login url becomes http://site.com/login and shows a custom post with a login form.

This combination breaks the "Switch back" functionality in this plugin. The reason seems to be that the auth cookie saved by the plugin uses SITECOOKIEPATH to save the cookie. Since this value is fetched from the WP_SITEURL setting, the value becomes /wp. So the cookie is only saved in the /wp path, but my login page is in the root path. This means that the user switching auth cookie (prefixed wordpress_user_sw_) is not available in the login page and the user switch fails with a "Could not switch off." message.

Changing all instances of SITECOOKIEPATH in your plugin to COOKIEPATH fixes the problem since COOKIEPATH is fetched from the home_url setting. But I guess there is some reason for the auth cookie to be saved in SITECOOKIEPATH while the old_user cookie is saved in COOKIEPATH?

Another solution would be to add a filter in you plugin so that it was possible to override the url used for switching from wp_login_url() to something else. if you think that sounds like a good idea I'd be happy to send a pull request.

Or maybe this could be solved in some other way?