[wp-trac] [WordPress Trac] #44089: Clear post password cookie when logging out

WordPress Trac noreply at wordpress.org
Tue May 15 11:28:02 UTC 2018

#44089: Clear post password cookie when logging out
 Reporter:  johnbillion        |      Owner:  (none)
     Type:  defect (bug)       |     Status:  new
 Priority:  normal             |  Milestone:  Awaiting Review
Component:  Posts, Post Types  |    Version:
 Severity:  normal             |   Keywords:  needs-patch good-first-bug
  Focuses:                     |
 I think it is expected behaviour that when a user logs out of WordPress,
 they are also "logged out" of viewing password protected posts for which
 they've entered the password. This is not the case. The `wp-
 postpass_{hash}` cookie is not cleared when a user logs out.

 Example scenario:

 1. Log in to WordPress.
 2. Publish a password protected post.
 3. Navigate to the post permalink and enter the password to view the post.
 4. Log out of WordPress.

 The password protected post is still viewable at its permalink, despite
 the user having just logged out. It's correct that viewing a password
 protected post is not tied to a user session, but I think most users would
 expect that after logging out of their account they would no longer be
 able to see the contents of a password protected post that they just

 Previously: #32567

 Related: There is no way for any user -- logged in or not -- to "log out"
 of viewing a password protected post. I'm sure there's an existing ticket
 for this but I can't find it.

Ticket URL: <https://core.trac.wordpress.org/ticket/44089>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list