Index: wp-includes/post-template.php =================================================================== --- wp-includes/post-template.php (revision 22928) +++ wp-includes/post-template.php (working copy) @@ -574,7 +574,9 @@ if ( empty( $post->post_password ) ) return false; - if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) + $name = "wp-postpass_{$post->ID}" . COOKIEHASH; + + if ( ! isset( $_COOKIE[ $name ] ) || $_COOKIE[ $name ] != $post->post_password ) return true; if ( empty( $wp_hasher ) ) { @@ -583,7 +585,7 @@ $wp_hasher = new PasswordHash(8, true); } - $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); + $hash = stripslashes( $_COOKIE[ $name ] ); return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); } @@ -1221,10 +1223,12 @@ */ function get_the_password_form() { $post = get_post(); - $label = 'pwbox-' . ( empty($post->ID) ? rand() : $post->ID ); + $id = empty( $post->ID ) ? rand() : $post->ID; + $label = 'pwbox-' . $id; $output = '

' . __("This post is password protected. To view it please enter your password below:") . '

+
'; return apply_filters('the_password_form', $output); Index: wp-login.php =================================================================== --- wp-login.php (revision 22928) +++ wp-login.php (working copy) @@ -396,7 +396,7 @@ } // 10 days - setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); + setcookie( 'wp-postpass_' . $_POST['id'] . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); wp_safe_redirect( wp_get_referer() ); exit();