[wp-trac] [WordPress Trac] #44089: Clear post password cookie when logging out

WordPress Trac noreply at wordpress.org
Tue May 15 13:16:48 UTC 2018 

#44089: Clear post password cookie when logging out
-------------------------------------------------+-------------------------
 Reporter:  johnbillion                          |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  Posts, Post Types                    |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  needs-patch good-first-bug 2nd-      |     Focuses:
  opinion                                        |
-------------------------------------------------+-------------------------
Changes (by subrataemfluence):

 * keywords:  needs-patch good-first-bug => needs-patch good-first-bug 2nd-
     opinion


Comment:

 I think there is a slight difference between a Page/Post visible to logged
 in users, which we usually called as "Private Pages" and a Page/Post
 visible only by entering a Password which is applicable for that Page/Post
 only.

 Let's take an example of a Password Protected Post/Page which sends an
 itemized Cost Proposal for organizing an event in company's auditorium.
 The authority does not want the Proposal to be visible to public, but
 those who applied for a booking are able to see it by means of entering a
 password set and provided by the company itself.

 If the booking application has a section like "Ask for a Quote" and an
 Event Organizer sends an email to the webmaster from there, he can always
 do that even he is not a registered account holder of the site yet.

 The webmaster/admin can then prepare a Password protected Page / Post with
 Cost Proposal and can then email the Page / Post link to Event Organizers
 with the password (set by the admin) required to open that page.

 Although the Event Organizer is not a registered member of the site, he
 will still be able to access the page by entering the password, but others
 without it won't be able to see.

 The Event Organizer company can have several staffs who have the power to
 deal with cost factors. If the manager of this company passes on the link
 and the password, they will be able to see it. Otherwise, either these
 employees need to have a separate account on the site or the manager has
 to share his own credential (if he has any) with his employee(s) to get
 them the access to see it.

 Another example is when we receive our Credit Card bills, we don't have to
 login to any different systems (except our email), rather than just type
 in the password provided by the company to open the document.

 To my understanding, a Password Protected page and a so-called Private
 page should be treated differently. I see it other way round. In order to
 access a Password Protected page / post one doesn't have to be a
 registered user of the site.

 I would be happy to be corrected!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44089#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list