I set a password for a protected post; initially the feature carries out its duties: it asked me the password, I must enter it to see the post. However, when I close the browzer window and go back to the site, I do no longer have to input any password to see the protected password. This is a very big security problem for my site. I’m not sure if this is due to a cookie or other sort of Temporary Internet File being stored, but is there any way to make sure that, for a protected post, a user must input the password every time he comes to the page?
That is because of the cookie on your computer. Every other computer would have to put the password in. To ensure that other people using your computer don’t have this access, just clear your cookies and browser cache.
is there anything I can do from my side of the site? Such as blocking a vistor’s computer from cookie-ing the password?
Nothing. But I wouldn’t worry: No other computer would have the password, until somebody on that computer put it in.
Keep in mind that the other user’s computer also stores a cookie, and they only have to put in the password once. Subsequent visits do not require them to put in a password. The only way (I’ve found) to really restrict who sees a post is to change the password.
Let me add a bit on this…
I have similar problem with my protected pages.
I have 2 protected pages: pageA password AAA and pageB password BBB
If a user access to a page he get prompted for the password -> good.
He enter the password (AAA) great it works.
He close the browser, clear the cache (all cookies)
and go again on the page. Here I would expect he get asked for the password again.
But NO. He doesn’t…. If you wait some times, it will eventually ask you again for the password.
He get prompted for the password but enter XXX.
So it fails.
He retry and use the correct password AAA, but IT FAILS.
This thing turns me mad!
I would report that as a bug.
The topic ‘Password Dilemma?’ is closed to new replies.