WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 23 months ago

#21466 closed enhancement (fixed)

Allow post password cookie expiry to be customized

Reported by: Viper007Bond Owned by: nacin
Milestone: 3.7 Priority: lowest
Severity: minor Version: 3.4.1
Component: General Keywords: has-patch needs-refresh 3.7-early
Focuses: Cc:

Description

It'd be nice if you could customize the expiry time for the post password cookie that is set in wp-login.php?action=postpass.

The only solution right now is pretty ugly.

Attachments (1)

21466.patch (582 bytes) - added by Viper007Bond 3 years ago.

Download all attachments as: .zip

Change History (11)

comment:1 @Viper007Bond3 years ago

Didn't have time to write a more detailed ticket before now and I didn't want to forget to file this. :)

Someone came up to me at the WCSF Happiness Bar and wanted to make the expiry time on the post password cookies shorter. There's no filter to control the current 10 day value and work arounds are ugly.

A simple filter on the value should do the trick.

Last edited 3 years ago by Viper007Bond (previous) (diff)

@Viper007Bond3 years ago

comment:2 follow-up: @ocean903 years ago

time() should be added to the filter arg too, so that it's possible to set a session cookie too, see #21517.

comment:3 in reply to: ↑ 2 @Viper007Bond3 years ago

Replying to ocean90:

time() should be added to the filter arg too, so that it's possible to set a session cookie too, see #21517.

Good call.

comment:4 follow-up: @scribu3 years ago

We should just make the cookie expire at the end of the session. See #21517

comment:5 in reply to: ↑ 4 @Viper007Bond3 years ago

Replying to scribu:

We should just make the cookie expire at the end of the session. See #21517

I agree -- much better from a security standpoint, but I also think we should still have a filter for those that prefer a non-session cookie like it is now.

comment:6 follow-up: @Clorith3 years ago

Agreed, considering this feature has been cookie dependent for so long many users may have built their themes/sites around it and cookie mode should then either be deprecated gracefully with backwards compability for a while, or included as a possibility for them in general.

comment:7 in reply to: ↑ 6 @Viper007Bond3 years ago

It would still use cookies but rather than expiring after X hours/days, it would expire when the user closed their browser.

So no actual functionality change or removing the cookie, just an expiry change.

comment:8 @SergeyBiryukov2 years ago

  • Keywords has-patch needs-refresh 3.7-early added
  • Milestone changed from Awaiting Review to Future Release

Needs a refresh after [21996]. See also comment:2.

comment:9 @wonderboymusic2 years ago

  • Milestone changed from Future Release to 3.7

these are all marked 3.7-early

comment:10 @nacin23 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 25450:

Introduce post_password_expires filter to control the expiration of the post password cookie.

props Viper007Bond for initial patch.
fixes #21466.

Note: See TracTickets for help on using tickets.