• How can you make sure that users log-out of password protected pages?

    My concern is that someone using a public computer will log-in on my password protected page but then if someone else visits the site they will not have to enter the password.

    This has happened on my computer, where I only had to enter the password once and now I have forever access to that page.

Viewing 8 replies - 1 through 8 (of 8 total)
  • I don’t think they have to log out do they? It works for me by just closing the browser. If I do that, then I have to put in the password again.

    Trent

    Thread Starter deltaomicronmu

    (@deltaomicronmu)

    I’ve tried closing the browser but I’ll go on the next day and I’ll still be logged in. I had a friend try it too and she didn’t have to log back in either.

    Ah…it is cookies. Sorry, I was thinking about .htaccess password protection. That is a good point. Something for devs to think about.

    Trent

    Just from my experience, I don’t think you can think of this as “true” secure password protection. It’s just “protection”. I don’t think there is a log-out feature to accomplish this.

    I have used this on my blog here (https://www.georgetownprofessor.net/podblog) but it’s just to provide a basic level of protection to keep the world at-large out…I’m sure there are some public computers where people who have the password have logged in and now it’s open to others…and I can live with that.

    Just my opinion, but if you want to provide a high level of security for your information, then you’ll need to look at other applications specifically designed for that purpose.

    Steve

    Thread Starter deltaomicronmu

    (@deltaomicronmu)

    Okay… now does anyone know of a plug-in that may accomplish what I’m going for? It is only to protect one page.

    You can shorten the valid time frame on the cookie that is issued when someone enters a password to view a protected post. If you go into your wp-config.php file, edit the following line:

    setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000);

    Change the “864000” number to something smaller…it’s set to 10 days (in seconds), so maybe try something shorter like 300 (for 5 minutes). It might be annoying to have to re-enter a password if you refresh the page, but it will ensure that those posts don’t stay unprotected for too long.
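Added example, not part of the original thread and not WordPress's own code: a small plugin that shortens the post-password cookie without editing core files and adds a link that expires the cookie on demand, which is the closest thing to a log-out for protected pages. It assumes WordPress 3.7 or later, where the cookie expiry passes through the `post_password_expires` filter; the `EXAMPLE_POSTPASS_TTL` constant and the `lock_posts` query parameter are hypothetical names chosen for this sketch.

```php
<?php
/**
 * Plugin Name: Post password timeout (added example, hypothetical plugin)
 *
 * Assumes WordPress 3.7+, which passes the post-password cookie expiry
 * through the 'post_password_expires' filter before calling setcookie().
 */

// Hypothetical setting: how long an entered post password stays valid.
define( 'EXAMPLE_POSTPASS_TTL', 15 * MINUTE_IN_SECONDS );

// Replace the default 10-day lifetime with the short one.
add_filter( 'post_password_expires', function ( $expires ) {
    return time() + EXAMPLE_POSTPASS_TTL;
} );

// "Lock" request (?lock_posts=1, a made-up parameter): expire the cookie now.
add_action( 'init', function () {
    if ( isset( $_GET['lock_posts'] ) ) {
        // Same name, path and domain as the cookie being replaced, with an
        // expiry in the past so the browser discards it.
        setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
        wp_safe_redirect( remove_query_arg( 'lock_posts' ) );
        exit;
    }
} );

// Show a lock link under protected content once it has been unlocked.
add_filter( 'the_content', function ( $content ) {
    $post = get_post();
    if ( $post && '' !== $post->post_password && ! post_password_required( $post ) ) {
        $url      = esc_url( add_query_arg( 'lock_posts', '1' ) );
        $content .= '<p><a href="' . $url . '">Lock this page again</a></p>';
    }
    return $content;
} );
```

The cookie is enforced only by its expiry in the browser, so this shortens exposure on a shared computer rather than ending access server-side; changing the post password is what invalidates cookies already issued.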

    Hi, I’m going through the same problem where it doesn’t prompt me for the password once I type it in once. I’m trying to look at my wp-config file but I don’t see a line for the setcookie information.

    Would I be able to input this in even though it’s not there?

    Davod

    (@npsites)

    the file seems to be pluggable.php
    $expire = time() + 31536000;

    is that 365 days?

    31536000 /60sec /60min /24hrs ?

    also since it’s in the pluggable.php there may be a plugin for setting cookie time or it might be a good project for someone so people could set their site’s cookie to the average time that a visitor spends on the site… maybe 30 mins maybe 3hrs

    if the cookie is set too small
    then you overload the db with requests for password verification

    I know that happens a lot on vbulletin sites with more than 1000 concurrent users and a short cookie it kills mysql really nicely

    heh

  • The topic ‘Password Pages’ is closed to new replies.