This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Cookie Tasting


This plugin sets user cookie when user is logged in.
You can use cookie as data store,
so you can use it as UI resource.


This plugin adds class to html element.

  • ct-logged-in The current user is logged in.
  • ct-not-logged-in The current user is anonymous.

You can control elements visibility with CSS.

  display: none;
.ct-logged-in .some-element{
  display: block;

From JavaScript

You can use Global Object CookieTasting for utility.

  • CookieTasting.userName() Returns user name. If not logged in, returns ‘Guest’.
  • CookieTasting.lastUpdated() Returns timestamp of last log in check. If this equals 0, it means that user is anonymous.

Besides that, this plugin checks periodically log-in status.
You can handle it with jQuery.

jQuery( document ).on( 'cookie.tasting', function( event, response ) {
  if ( response.login ) {
    // User is logged in.
    // If you use React...
    setAttributes({ name: CookieTasting.userName() })
  } else {
    // User is not logged in.
} );

If you use react or something, updated the status with setState().

Check Before Action

If you manage cached WordPress and customizing your own theme,
It’s a good idea to implement dynamic UI components with JavaScript.

You can check user’s credential just before important actions.

// Click action for button.
$('.read-more').click( function( e ) {
  // Check cookie before do something.
  CookieTasting.testBefore().then( function( response ) {
    // Now user has fresh information.
    // Load premium contents.
  }).catch( function( response ) {
    // This user is not logged in.
    // Redirect them to login page.
    window.locaion.href = '/wp-login.php';
  } );
} );

Plese remember adding dependency for cookie-tasting-heartbeat to your script.

Handle UUID

By default, this plugin set UUID for each user. This will be…

  • Unique for each logged in user and will be saved as user_meta.
  • Also kept for anonymous user.

So you can use it for Google Analytic’s User ID View.

const uuid = CookieTasting.get( 'uuid' );
// For Google Analytics.
ga( 'set', "userId", uid );


  • Download zip file and unpack it.
  • Upload the directory to wp-content/plugins.
  • Go to WordPress admin screen and activate this plugin.

Recommendation: Search on WordPress admin screen and install it.


How to Contribute

This plugin is hosted on Github.
Please feel free to make issue or send pull requests.


Read all 1 review

Contributors & Developers

“Cookie Tasting” is open source software. The following people have contributed to this plugin.


“Cookie Tasting” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Cookie Tasting” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Display console.log only if SCRIPT_DEBUG is true.


  • Bugfix: Add polyfil for Object.assign in favor of lte IE11.
    (Props @Kamata Ryo).


  • Bugfix nonce refreshing for cached page.


  • Add filter for Cookie check API. Now you can change error message.


  • Fix UUID logic.
  • Add automatic refresh for rewrite rules.


  • Fix SSL bug.


  • Fix fatal error. vendor directory was missing.


  • Update nonce for @wordpress/wp-api-featch and wpApiSettings of wp-api.
  • Change REST API endpoit because it requires COOKIES properly set. The endpoint wp-json/cookie/v1/nonce is pseudo and it’s not REST API actually, so you can refresh nonce with this endpoint. Normally, this refresh will be executed automatically, but if you get “rest_cookie_invalid_nonce”, try updating permalink from “Setting > Permalink”. Just click “Save” and that’s it.
  • UUID will be set for current user. It’s userful for tracking.


  • Add filter to cookie detection API.


  • Bugfix: if home url is not SSL, cookie $secure flag is now false.
    But we sincerely recommend protecting your site under SSL.


  • Initial release.