Anonymous
I believe you will find that the login is simply remembering you based on session variables. If you try it from another machine, it won’t bypass the login. If you logout it won’t take you in, even in Firefox until you login again.
It is seen as a feature to allow you to go in and out of the posting/editing screens as you see fit without wearing out the keyboard logging in and out.
My WordPress local installation never showed this behavior. You’re right, another machine didn’t bypass the login and the behavior is the same, in the following sequence: 1. IE6 requires login, 2. logout and then IE6 requires login but it takes two tries to work and this persists until switch to Firefox, 3. Firefox requires login, 4. logout and then Firefox skips login page, 5. logout and from then on both IE6 and Firefox skip the login page. Also, after shutting down machines for the night, the next morning the login page is still bypassed from the get-go.
I don’t think it should be a feature that once a machine has been used to log in, you never have to login from that machine again! Some kind of session variable that persists for a few minutes after logging out, maybe, but not forever!
Or perhaps I wasn’t clear in original post, this isn’t a matter of just going in and out of posting/editing screens. I see that feature with the “View Site” button on the tool bar. I’m talking about logging completely out of admin functions. It’s almost like the “log out” isn’t being recognized.
I might mention I can make it require a login the next time by “changing” the password before logging out – except I don’t change it, just re-enter the existing password.
I appreciate your reply, but gotta think there’s more to it. Like the session variable persisting when it shouldn’t? But I don’t enough PHP to know where the code is that governs this, and also I thought session variables were stored in cookies, which I deleted with no effect. At least, I thought I did. If you or anybody else has another idea, I’d be grateful. Otherwise, I’ll keep futzing around with it.
HarpShot
OK – helpful info now. After logging out, I’m returned to login page. If instead of clicking the “Back to blog” link I re-type the URI in the browser address window, then clicking the link for wp-login brings up the login page and requires login. I guess I can live with that. Except, instead of logging in I can use browser back button to return to the post/edit page without having to log in. So, if this is how it’s supposed to work, I reckon it would be a good idea to clear history and cache before walking away from a machine that somebody else might come along and use.
HarpShot
