Logged in users still have acccess on password change / deletion

Hi flamey,

This is surely a defect. This may be a bug between server timezone and client’s one.
I’ll investigate on this in a few days.

Regards

Hi,

I just updated the plugin to version 1.4. Can you try to upgrade please ? It fixes some inconsistencies on cookies expiration dates.

Also, please check that the timezone is well defined in your general options (at /wp-admin/options-general.php)

Unfortunately changing the expiration date of a password may not log out user :
– The cookie is stored on the client browser, according to the expiration date of the password used.
– The P5 plugin use native WordPress protection. It does so by storing the first password in the cookie, even if user used 2nd or 3rd password. So passwords used by the client can not be retrieved, and so their expiration dates can’t be checked.

The only way to log out user is to change or remove the password.
Expired passwords are automatically removed by cron (hourly), or manually when you save your post.

Regards

thanks, but that didn’t help.

Expiry of a password works – user looses access to the post immediately as expiration time comes, even if the password is not yet deleted. but if the password doesn’t have expiration time and you simply delete it manually after user has logged in – the user continues to have access. if I clear cookies the access is blocked, of course, and the deleted password it doesn’t work anymore, of course.

the timezone is correct, and I should also mention that I’m trying it on local WAMP install (though build-in password system works, as well as another multiple passwords plugin I tired – but that one doesn’t have expiring passwords which I’d like).

Unfortunately, native WordPress post password protection seems too week.
You make mention of an another plugin which works. I would like to take a look on it, can you tell me the name of this plugin ?

Sure, it’s BAW Multipass for Protected Pages