Opened 19 years ago
Closed 17 years ago
#2055 closed enhancement (wontfix)
No way to "sign out" from password-protected posts/pages
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | 2.0 |
Component: | Security | Keywords: | password cookie has-patch |
Focuses: | Cc: |
Description
The postpassword cookie survives the logout process. Logout would be one good time to clear those cookies.
You don't have to be logged in to enter a password, so there needs to be an additional way to log out of password-protected posts and pages.
Attachments (3)
Change History (15)
#6
@
18 years ago
I'm not sure about this bug but I don't think your patch is the way to do things. As you say, a user doesn't have to be logged in to enter a password. That means they might not even have the option to use the logout button. The following patch adds a clear_password_link() function that could be used in a template but I'm not that sure if this is the desirable way to handle this.
#10
@
17 years ago
To see the uploaded pluggable.php working you first have to delete your cookies. It fixed the Problem on Subdomains for me.
#12
@
17 years ago
- Milestone 2.6 deleted
- Resolution set to wontfix
- Status changed from assigned to closed
- There's been no move to include this in trunk despite patches being available.
- I don't really see it as a security bug, more of a feature
- From the lack of traffic on this ticket there doesn't appear to be much call for this feature.
I'm going to close this one as WONTFIX, sorry.
2055 diff