page visibility always acts like public, ignores password protection

[vccwebadmin]

recently upgraded from wordpress 4.8.3 to 4.9.1. After the upgrade my website pages marked 'password protected' started allowing everyone to view them without prompting for password. Using theme 2017. seems like issue #23065 error, but for pages, not posts. Any thoughts?

[dd32]

Hey @vccwebadmin and welcome to Trac

I've just tested this, and it's working as expected for me - do you have any security or caching plugins installed that might be affecting it? What about with all the plugins temporarily disabled?
Do you experience the same issue viewing the pages in Incognito/private mode in your browser?

There's been no other reports of it, and I can't see anything that would've affected it, so I'm more inclined to believe this may be caused by something on your site rather than a WordPress bug in general.

[vccwebadmin]

Well, I discovered it will prompt for a password as long as I use a different device. Apparently, it is remembering my IP (a guess on my part) and not requiring the password if I ever logged in earlier from the same device. Perhaps this is intended, but I was expecting the password prompt. Sorry for a false alarm, if that behavior matches your expectations.

[dd32]

Replying to vccwebadmin:

Well, I discovered it will prompt for a password as long as I use a different device. Apparently, it is remembering my IP (a guess on my part) and not requiring the password if I ever logged in earlier from the same device. Perhaps this is intended, but I was expecting the password prompt. Sorry for a false alarm, if that behavior matches your expectations.

This is intended.
The post password is stored in a per-browser cookie, and won't prompt you for it until it expires.
If you use the same password on multiple posts, it won't prompt you on those posts either.