Make WordPress Core

Opened 12 years ago

Closed 11 years ago

#21466 closed enhancement (fixed)

Allow post password cookie expiry to be customized

Reported by: viper007bond's profile Viper007Bond Owned by: nacin's profile nacin
Milestone: 3.7 Priority: lowest
Severity: minor Version: 3.4.1
Component: General Keywords: has-patch needs-refresh 3.7-early
Focuses: Cc:

Description

It'd be nice if you could customize the expiry time for the post password cookie that is set in wp-login.php?action=postpass.

The only solution right now is pretty ugly.

Attachments (1)

21466.patch (582 bytes) - added by Viper007Bond 12 years ago.

Download all attachments as: .zip

Change History (11)

#1 @Viper007Bond
12 years ago

Didn't have time to write a more detailed ticket before now and I didn't want to forget to file this. :)

Someone came up to me at the WCSF Happiness Bar and wanted to make the expiry time on the post password cookies shorter. There's no filter to control the current 10 day value and work arounds are ugly.

A simple filter on the value should do the trick.

Last edited 12 years ago by Viper007Bond (previous) (diff)

@Viper007Bond
12 years ago

#2 follow-up: @ocean90
12 years ago

time() should be added to the filter arg too, so that it's possible to set a session cookie too, see #21517.

#3 in reply to: ↑ 2 @Viper007Bond
12 years ago

Replying to ocean90:

time() should be added to the filter arg too, so that it's possible to set a session cookie too, see #21517.

Good call.

#4 follow-up: @scribu
12 years ago

We should just make the cookie expire at the end of the session. See #21517

#5 in reply to: ↑ 4 @Viper007Bond
12 years ago

Replying to scribu:

We should just make the cookie expire at the end of the session. See #21517

I agree -- much better from a security standpoint, but I also think we should still have a filter for those that prefer a non-session cookie like it is now.

#6 follow-up: @Clorith
12 years ago

Agreed, considering this feature has been cookie dependent for so long many users may have built their themes/sites around it and cookie mode should then either be deprecated gracefully with backwards compability for a while, or included as a possibility for them in general.

#7 in reply to: ↑ 6 @Viper007Bond
12 years ago

It would still use cookies but rather than expiring after X hours/days, it would expire when the user closed their browser.

So no actual functionality change or removing the cookie, just an expiry change.

#8 @SergeyBiryukov
11 years ago

  • Keywords has-patch needs-refresh 3.7-early added
  • Milestone changed from Awaiting Review to Future Release

Needs a refresh after [21996]. See also comment:2.

#9 @wonderboymusic
11 years ago

  • Milestone changed from Future Release to 3.7

these are all marked 3.7-early

#10 @nacin
11 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 25450:

Introduce post_password_expires filter to control the expiration of the post password cookie.

props Viper007Bond for initial patch.
fixes #21466.

Note: See TracTickets for help on using tickets.