WordPress authentication cookie generation using default keys

pluggable.php

<?php

if ( !function_exists('wp_generate_auth_cookie') ) :
/**
 * Generate authentication cookie contents.
 *
 * @since 2.5.0
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @param string $token User's session token to use for this cookie
 * @return string Authentication cookie contents. Empty string if user does not exist.
 */
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) {
  $user = get_userdata($user_id);
  if ( ! $user ) {
    return '';
  }

  if ( ! $token ) {
    $manager = WP_Session_Tokens::get_instance( $user_id );
    $token = $manager->create( $expiration );
  }

  $pass_frag = substr($user->user_pass, 8, 4);

  $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
  $hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key );

  $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;

  /**
   * Filter the authentication cookie.
   *
   * @since 2.5.0
   *
   * @param string $cookie     Authentication cookie.
   * @param int    $user_id    User ID.
   * @param int    $expiration Authentication cookie expiration in seconds.
   * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
   * @param string $token      User's session token used.
   */
  return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token );
}
endif;

?>