#21517 closed defect (bug) (duplicate)
Password protected posts have too long lifespan
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Security | Version: | 3.4.1 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
When creating a password protected post the access permissions are stored with cookies using wp-pass.php which defaults to 10 days.
This is too long of a lifetime for a protected page as subsequent visits within that timeframe allows anyone access to the protected content.
Ideally this should be a user definable value, either set per post, or on a global level for that WP instance.
Change History (5)
This is also a viable solution, I agree, and might even be a better approach as you don't need to worry about the cookie expiring while the user is using the site.
comment:4
Viper007Bond — 10 months ago
- Resolution set to duplicate
- Status changed from new to closed
#21466 is pretty similar to this and has a patch (although maybe not the best one). Let's combine forces.
comment:5
Viper007Bond — 10 months ago
- Milestone Awaiting Review deleted
Note: See
TracTickets for help on using
tickets.
We could also just make it a session cookie, so that it expires right after the tab (or browser?) is closed.