Support » Requests and Feedback » Change login cookie?

  • Resolved Paul


    I was a dumb WP user who logged into my site from a friend’s computer (who doesn’t live close), but I forgot to click the Log Out link when I was done.

    This friend now has full access to my WP blog, and there is nothing I can do to remove his access, is there? I installed FreeMoby’s Cookie Timeout plug in, but that only solves the problem so it doesn’t happen again. It doesn’t help my current problem.

    Unfortunately, when I change my password, it doesn’t matter, because his cookie still tells him he is logged in, despite the change in password.

    Basically, unless I can find a fix, he will be logged into my computer for a year from when I visited him last. In that time, he keeps making comments as me.

    So, I guess what I’m wondering is two-fold: is there a way I can change the name of the login cookie so that the cookie on his machine is no longer valid? And is there a way to integrate something into a future WP release where the cookie must verify that the password hasn’t changed in order for the cookie to still be valid?

Viewing 3 replies - 1 through 3 (of 3 total)
  • If you change the password, he shouldn’t be able to log in. WP checks the cookie every load and matches it to the user in the database. The cookie is useless to him.

    It didn’t work. I changed my password three times (different each time), and the user was still able to write comments as if they were me.

    Maybe that was supposed to solve my problem, but it didn’t work for me. (Trust me, changning my password was the first thing I tried!)

    Ahh, this makes sense. They can’t log in as you, but they have the comment_author cookies. What they’re doing is just letting WP fill in their comment information (your comment information). It’s the same as manually typing in your username and imitating you.

    Now, to get rid of those cookies…Try <?php if ($_COOKIE[‘comment_author_’.COOKIEHASH] == “yourusernamehere”)
    setcookie(‘comment_author_’.COOKIEHASH, ”, time() – 60);
    setcookie(‘comment_author_url_’.COOKIEHASH, ”, time() – 60);
    setcookie(‘comment_author_email_’.COOKIEHASH, ”, time() – 60);
    ?>… just add that to your comments.php or whatever. That should delete his cookie. Fill in yourusernamehere with …your user name.

    I’m not sure that’ll work, but that’s a guess. Just don’t worry that he can access your account. He can’t.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Change login cookie?’ is closed to new replies.