[wp-trac] [WordPress Trac] #44089: Clear post password cookie when logging out
WordPress Trac
noreply at wordpress.org
Tue May 15 11:28:02 UTC 2018
#44089: Clear post password cookie when logging out
-------------------------------+----------------------------------------
Reporter: johnbillion | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version:
Severity: normal | Keywords: needs-patch good-first-bug
Focuses: |
-------------------------------+----------------------------------------
I think it is expected behaviour that when a user logs out of WordPress,
they are also "logged out" of viewing password protected posts for which
they've entered the password. This is not the case. The `wp-
postpass_{hash}` cookie is not cleared when a user logs out.
Example scenario:
1. Log in to WordPress.
2. Publish a password protected post.
3. Navigate to the post permalink and enter the password to view the post.
4. Log out of WordPress.
The password protected post is still viewable at its permalink, despite
the user having just logged out. It's correct that viewing a password
protected post is not tied to a user session, but I think most users would
expect that after logging out of their account they would no longer be
able to see the contents of a password protected post that they just
published.
Previously: #32567
Related: There is no way for any user -- logged in or not -- to "log out"
of viewing a password protected post. I'm sure there's an existing ticket
for this but I can't find it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44089>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list