I think that the fact that posts’ passwords stay in cookies even after user closes browser window is not well thought.
This makes whole password protecting feature useless, because when someone connects to a blog from a public computer (where it’s sometimes not possible to delete cookies) and views password-protected post, then everyone after him/her can see the (not anymore) password-protected post.
I think this has a simple solution that is to alter the expiration date on the cookies so they get deleted right after the user closes the browser. To do that I would have to know where is the setcookie function that refers to the creation of cookies for posts… Can anybody help me find it?
- The topic ‘Where’s the setcookie for the post password?’ is closed to new replies.