Title: capi81's Replies | WordPress.org --- # capi81 [ ](https://wordpress.org/support/users/capi81/) * [Profile](https://wordpress.org/support/users/capi81/) * [Topics Started](https://wordpress.org/support/users/capi81/topics/) * [Replies Created](https://wordpress.org/support/users/capi81/replies/) * [Reviews Written](https://wordpress.org/support/users/capi81/reviews/) * [Topics Replied To](https://wordpress.org/support/users/capi81/replied-to/) * [Engagements](https://wordpress.org/support/users/capi81/engagements/) * [Favorites](https://wordpress.org/support/users/capi81/favorites/) Search replies: ## Forum Replies Created Viewing 3 replies - 1 through 3 (of 3 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories] Posts Expiring To Draft Status Since 2.2.1](https://wordpress.org/support/topic/posts-expiring-to-draft-status-since-2-2-1/) * [capi81](https://wordpress.org/support/users/capi81/) * (@capi81) * [8 years, 10 months ago](https://wordpress.org/support/topic/posts-expiring-to-draft-status-since-2-2-1/#post-9317477) * I think I know how to reproduce this issue: once you edit anything of a post in “Quick Edit”, the expiry action gets reset to the default action. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[WordPress HTTPS (SSL)] Force "wordpress_logged_in_HASH" cookie to be HTTPS-only?](https://wordpress.org/support/topic/force-wordpress_logged_in_hash-cookie-to-be-https-only/) * Thread Starter [capi81](https://wordpress.org/support/users/capi81/) * (@capi81) * [13 years ago](https://wordpress.org/support/topic/force-wordpress_logged_in_hash-cookie-to-be-https-only/#post-3665649) * Well, actually my code-snippet above has some issues, e.g. it does not unset the cookie on log-out, but I think you get the point 🙂 * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[WordPress HTTPS (SSL)] Force "wordpress_logged_in_HASH" cookie to be HTTPS-only?](https://wordpress.org/support/topic/force-wordpress_logged_in_hash-cookie-to-be-https-only/) * Thread Starter [capi81](https://wordpress.org/support/users/capi81/) * (@capi81) * [13 years ago](https://wordpress.org/support/topic/force-wordpress_logged_in_hash-cookie-to-be-https-only/#post-3665648) * No, I don’t use Force SSL Exclusively, as visitors should be free to decide if they want to use HTTP or HTTPS. * I did some experiments with the cookies and it seems that the wordpress_logged_in_* alone cannot be used to access the administration, if the wordpress_logged_in_* is not set due the path restrictions of the secure cookie. * Still, the content of the wordpress_logged_in_* is the same evertime I log in, so I’d say it needs to be considered a credential which I would not want to be exposed via non-encrypted connections. What exactly can be accessed with the wordpress_logged_in? One seems to be able to preview unpublished articles, comment under the user’s name, what else? * Maybe it would be a workaround to simply unset the cookie after login and modify WordPress URL and Site-URL to the HTTPS variant when being viewed via HTTPS so that article preview, etc. use HTTPS instead of the HTTP version, which would require the cookie to be set. * Basically (I just tested it), the functionality is similar to the following addition to `wp-config.php`: * ``` if ($_SERVER['HTTPS'] == "on") { define('WP_HOME','https://www.domain.com/blog'); define('WP_SITEURL', 'https://www.domain.com/blog'); setcookie('wordpress_logged_in_HASH', $_COOKIE["wordpress_logged_in_HASH"], 0, "/blog/", "www.domain.com", true, true); setcookie('wordpress_logged_in_HASH', "", time()-3600, "/blog/"); } ``` * What is your opinion on my points above? Viewing 3 replies - 1 through 3 (of 3 total)