#37333 closed defect (bug) (worksforme)
Cookie remains valid after post password is changed
Reported by: | henry.wright | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Posts, Post Types | Keywords: | |
Focuses: | Cc: |
Description
If a user enters a correct password on a password protected post, a cookie is set which gives that user access to the post content. If the site admin then changes the post password, I'd expect access to be revoked from users who entered the old password. However, that doesn't happen.
Change History (2)
Note: See
TracTickets for help on using
tickets.
Thanks for the report.
When a user enters a password for a password protected post, the password is stored encrypted in the
wp-postpass
cookie. If the password on the post changes, the cookie no longer contains the correct encrypted password. I've tested this behaviour, and the password protected post becomes unavailable again once the password is changed.I suspect your issue is related to caching, either at the network level or at the browser level. I'd take a look at that as a first point of debugging.