Password Protected posts – does WP retain the password after login?

  • Resolved jrodgers

    (@jrodgers)


    16 years, 1 month ago

    A user is trying to pasword protect a post which is working fine, however, their concern is that they are only prompted for the password the first time accessing the post, how does the password protected post function in maintaining that state, is there a cookie set? is it in the session? can it be overridden, so that after viewing the accessibility of the user is removed?

Viewing 4 replies - 1 through 4 (of 4 total)

  • Just from experimenting is seems to be a cookie. If you clear cookies through your browser then you are prompted for the password again. I’m not sure how, or even if, you can impact that from the server or WP…it may just be a local browser thing.

    But, someone else may know better…

    Thread Starter jrodgers

    (@jrodgers)

    thanks figaro, tracked it down to

    wp-postpass_(really long hex number, probably encrypted)

    now, how can i clear this? is there a wp setting which will allow me to set the expires value for this cookie?

    Thread Starter jrodgers

    (@jrodgers)

    this issue can be fixed by changing the value in wp-pass.php

    change
    setcookie(‘wp-postpass_’ . COOKIEHASH, $_POST[‘post_password’], time() + 864000, COOKIEPATH);

    to
    setcookie(‘wp-postpass_’ . COOKIEHASH, $_POST[‘post_password’], 0, COOKIEPATH);

    makes it end when the browser window is closed/session ends

    Great…thanks for the follow-up.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Password Protected posts – does WP retain the password after login?’ is closed to new replies.