WordPress.org

Make WordPress Core

Opened 21 months ago

Closed 7 months ago

#21466 closed enhancement (fixed)

Allow post password cookie expiry to be customized

Reported by: Viper007Bond Owned by: nacin
Milestone: 3.7 Priority: lowest
Severity: minor Version: 3.4.1
Component: General Keywords: has-patch needs-refresh 3.7-early
Focuses: Cc:

Description

It'd be nice if you could customize the expiry time for the post password cookie that is set in wp-login.php?action=postpass.

The only solution right now is pretty ugly.

Attachments (1)

21466.patch (582 bytes) - added by Viper007Bond 21 months ago.

Download all attachments as: .zip

Change History (11)

comment:1 Viper007Bond21 months ago

Didn't have time to write a more detailed ticket before now and I didn't want to forget to file this. :)

Someone came up to me at the WCSF Happiness Bar and wanted to make the expiry time on the post password cookies shorter. There's no filter to control the current 10 day value and work arounds are ugly.

A simple filter on the value should do the trick.

Last edited 21 months ago by Viper007Bond (previous) (diff)

Viper007Bond21 months ago

comment:2 follow-up: ocean9021 months ago

time() should be added to the filter arg too, so that it's possible to set a session cookie too, see #21517.

comment:3 in reply to: ↑ 2 Viper007Bond21 months ago

Replying to ocean90:

time() should be added to the filter arg too, so that it's possible to set a session cookie too, see #21517.

Good call.

comment:4 follow-up: scribu21 months ago

We should just make the cookie expire at the end of the session. See #21517

comment:5 in reply to: ↑ 4 Viper007Bond21 months ago

Replying to scribu:

We should just make the cookie expire at the end of the session. See #21517

I agree -- much better from a security standpoint, but I also think we should still have a filter for those that prefer a non-session cookie like it is now.

comment:6 follow-up: Clorith21 months ago

Agreed, considering this feature has been cookie dependent for so long many users may have built their themes/sites around it and cookie mode should then either be deprecated gracefully with backwards compability for a while, or included as a possibility for them in general.

comment:7 in reply to: ↑ 6 Viper007Bond21 months ago

It would still use cookies but rather than expiring after X hours/days, it would expire when the user closed their browser.

So no actual functionality change or removing the cookie, just an expiry change.

comment:8 SergeyBiryukov12 months ago

  • Keywords has-patch needs-refresh 3.7-early added
  • Milestone changed from Awaiting Review to Future Release

Needs a refresh after [21996]. See also comment:2.

comment:9 wonderboymusic9 months ago

  • Milestone changed from Future Release to 3.7

these are all marked 3.7-early

comment:10 nacin7 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 25450:

Introduce post_password_expires filter to control the expiration of the post password cookie.

props Viper007Bond for initial patch.
fixes #21466.

Note: See TracTickets for help on using tickets.