WordPress › Invalidate Logged Out Cookies

Invalidate Logged Out Cookies

Author: moggy

WordPress' auth cookies include a built-in expiration date (either 2 or 14 days depending on if the 'Remember Me' option is checked). Even if you remove the client-side cookie (by manually logging out or just closing your browser if 'Remember Me' wasn't checked when logging in) the data that was stored within the cookie is still valid until the expiration date is reached.

This could be an issue if someone managed to "steal" your cookie(s). They would still be able to access your website for some time into the future.

This plugin will immediately invalidate your auth cookies when you manually log out. This, of course, also means that you have to manually click 'Log out' for this plugin to work properly (you can't just close your browser to remove any cookies that expire at the end of the session). This won't prevent session hijacking, but should limit the amount of time that an attacker can access your website.

Tags: cookies, security, logout, login

Download

FYI

Version: 0.1
Other Versions »
Last Updated: 2009-6-26
Requires WordPress Version: 2.8 or higher
Compatible up to: 2.8
Author Homepage »
Plugin Homepage »

Compatibility beta

Your Setup

WordPress
Plugin
Log in to vote.

The Consensus (0 reporting)

No data

Average Rating

(2 ratings)

WordPress.org

Plugin Directory

Search Plugins

Popular TagsMore »