#21517 closed defect (bug) (duplicate)
Password protected posts have too long lifespan
Reported by: | Clorith | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.4.1 |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
When creating a password protected post the access permissions are stored with cookies using wp-pass.php which defaults to 10 days.
This is too long of a lifetime for a protected page as subsequent visits within that timeframe allows anyone access to the protected content.
Ideally this should be a user definable value, either set per post, or on a global level for that WP instance.
Change History (5)
#2
@
12 years ago
This is also a viable solution, I agree, and might even be a better approach as you don't need to worry about the cookie expiring while the user is using the site.
Note: See
TracTickets for help on using
tickets.
We could also just make it a session cookie, so that it expires right after the tab (or browser?) is closed.