Wordpress Plugin: Cookie Timeout
Posted by Moby on May 21st, 2005 at 11:38 am
My wife called me to tell me that people could reach her site’s admin page (specifically her mother), and wanted me to check her site. I told her that she probably forgot to logout, and I was right. The default expiration for the login cookie is one year. I just wrote a small plugin to change that value to something more reasonable.
- Cookie Timeout 0.5 NOTE: This only works if you have Wordpress 2.01 or greater
- Cookie Timeout 0.20 (works with 1.52)
Version History:
- 0.50 Compatible with WordPress 2.5. (2008-03-29)
- 0.42 Fixed another redeclare error and the plugin can now be run from sub-directories. (2008-03-22)
- 0.40 Added option to ignore the “Remember me” checkbox on the login page. (2006-06-13)
- 0.36 Added nonce security. (2006-06-03)
- 0.35 Fixed “Cannot redeclare wp_setcookie()” error when the plugin is activated. (2006-04-10)
- 0.31 Compatible with WP 2.01. Simply some internal housekeeping on their part. (2006-01-31)
- 0.30 Compatible with WP 2.0. Now respects the new “Remember me” checkbox on login (2005-12-21)
- 0.20 Added ability to expire the cookie when the current browser session is closed (2005-06-27)
- 0.11 Added message for the need to logoff after making changes (2005-05-23)
- 0.10 Initial version
NOTE: If you want this plugin’s values to work on password protected posts you have to replace the wp-pass.php file in the root of your installation with the following version:
May 21st, 2005 at 1:48 pm
Thanks for the great plugin. Does It work with WP 1.5? I use WP 1.5 and don’t want to upgrade until WP 1.5.2 comes out so…?
I guess It might work with 1.5. If It doesn’t, ohh well.
May 24th, 2005 at 2:45 pm
Hey thanks! Setup was a snap, and if it works like it says it does, then it’s exactly what I was looking for.
May 30th, 2005 at 2:51 pm
[...] May 30th, 2005 Wordpress Plugin: Cookie Timeout Cookie Timeout allows WordPress users to set the time the admin login cookie [...]
May 31st, 2005 at 1:36 pm
[...] « Nuovo tema Plugin WordPress: Cookie Timeout Cookie Timeout permette agli utenti di WordPress di impostare il tempo nel qu [...]
June 27th, 2005 at 3:04 am
It would be even better to expire at the end of a browser session. To make this happen, set the timeout to NULL.
June 27th, 2005 at 6:24 pm
Great idea. I’ve added that ability to the plugin.
July 2nd, 2005 at 4:49 pm
Brilliant, this is exactly what I want. I can’t believe that the default wordpress installation does not include something like this…
August 2nd, 2005 at 2:58 am
The plug-in works great, but doesn’t address the cookie written for password protected posts. It has a 10 day default life - a problem if you use public computers. I’ve edited the wp-pass.php file to change line reading “setcookie(’wp-postpass_’ . COOKIEHASH, $_POST['post_password'], NULL /* time() + 864000 */, COOKIEPATH);”, changing 864000 to 0. This clears the password cookie after closing the browser session, but not at logout from WP. Any chance this cookie can be included in your plug-in?
August 2nd, 2005 at 7:10 pm
Great idea, but I can’t change that from a plugin. However, I did modify the wp-pass.php file to use the plugin’s values. Download wp-pass.zip.
August 16th, 2005 at 7:29 am
I think that “THIS PLUGIN ROCKS !!” would be the appropriate sentence I will use talking about your idea…
thx
September 1st, 2005 at 5:20 am
[...] See this site to get the plugin. [...]
September 4th, 2005 at 11:21 am
[...] Cookie Timeout - Sets the amount of time before the login cookie will expire. By default, WordPress sets the timeout of the login cookie to one year. I prefer to have the cookie expire when the browser is closed. You can do this with this plugin instead of incorporating a code hack into WordPress product itself. [...]
September 22nd, 2005 at 11:57 am
Thanks for this plugin. I was having the exact same problem that you describe (logged in on my mom’s computer).
So, when I activated the cookie and changed the timeout, WP told me that I had to log out to make this work properly. How does that work for my mom’s computer–i.e. on a computer that has the old cookie set? Will she have to log out before her cookie expires, or will she be logged out automatically the next time she comes to my WP site?
I guess what I’m asking is does this change affect previously made cookies by WP, or does it only affect new cookies made after the installation of the plugin?
September 22nd, 2005 at 5:13 pm
You have to logout on all computers that have the old cookie to get rid of them.
September 23rd, 2005 at 3:48 pm
Thanks, Moby
What kills me about the WP cookie is that it doesn’t matter if the password has been changed; the cookie still thinks that the original user has rights to log in. So, if they never log out, there is no way to take away their full-access to the system for OVER A YEAR!
This seems like it could be a big secuirty issue for somebody who didn’t know enough to log out.
I guess that is why we should all install, and use, your great plugin from the beginning!
September 30th, 2005 at 11:09 pm
I try to install this plugin in version 1.5.2 and it look like is doesn’t work. Is this version support 1.5.2 or I did something wrong.
Thanks
Rocky
October 1st, 2005 at 12:24 pm
Yes, it works in 1.5.2. That’s the version I’m using. Are you sure you activated the plugin and did you changed any of the plugin’s options?
October 25th, 2005 at 5:05 am
great plugin..
but it seems not working with my wordpress 1.5
October 26th, 2005 at 7:48 pm
Great plugin! a snap to install and use, and works just as expected (I’m on 1.5.2).
Thanks for your efforts!
November 26th, 2005 at 1:34 pm
thanks for the good work… it work´s with 1.5.2!
December 15th, 2005 at 9:17 am
Thanks for the pluging, works perfectly for me (wp 1.5.2, wpg2).
December 20th, 2005 at 12:37 pm
I installed plugin in plugin folder and activated but when, I try to go to the options page, I get page not found. it’s looking for the php in a different folder. Is there someplace to change this? Am I supposed to copy the file to both places? There’s no Read Me file in the folder.
December 20th, 2005 at 7:28 pm
You are using Wordpress 1.5.1 or greater, right?
If so you shouldn’t have to copy the plugin to another place. Can you post the URI that it’s trying to get to?
December 20th, 2005 at 10:08 pm
Yes, I am using 1.5.2. When I click the option it looks for the following: http://www.healingspirit.com/journal/wp-admin/cookietimeout.php
December 21st, 2005 at 8:03 am
Fantastic …
Both the Logout and Password Posts are working for me perfectly in IE … but not in Firefox (1.0.7) …
If I close a browser session and open a new one, I’m still logged in and can still access PW-protected pages …
Cheers
Nick
December 21st, 2005 at 10:20 pm
Nick:
I use FireFox and it works just fine. Are you running the Session Saver extension in FireFox? That will restore cookies.
Antonia:
On your General Options page does the Wordpress URI = your Blog Address URI?
Do any of your other plugins with option pages work correctly?
The link should look like http://www.healingspirit.com/journal/wp-admin/options-general.php?page=cookietimeout.php
December 21st, 2005 at 11:37 pm
Moby,
yes, the two URIs are the same. Other options work correctly except wp-Contact form (which gives me a page not found, and possible one other that I can’t remember now.
I actually get two different links to the option
1. The link to the cookietimeout option from the plugin page looks exactly as you have it (http://www.healingspirit.com/journal/wp-admin/options-general.php?page=cookietimeout.php)but give me this: “Cannot load cookietimeout.php.”
2. If I go directly to the Option page and click on Cookietimeout, the link is different (http://www.healingspirit.com/journal/wp-admin/cookietimeout.php) and I get “Page not found.”
January 7th, 2006 at 11:25 am
I get an error when I try to open the zip file after downloading. Is this plug-in still available? It would be extremely helpful for my site. THANKS!
January 31st, 2006 at 11:55 am
I am fairly new to Wordpress and using it, so I have a question about your plugin. It seems that it will do exactly what I want, however it seems to conflict with the ldap plugin that we are currently using. The error is as follows:
Fatal error: Cannot redeclare wp_setcookie() (previously declared in /srv/www/htdocs/wp-content/plugins/cookietimeout.php:44) in /srv/www/htdocs/wp-content/plugins/ldap_auth.php on line 277
The LDAP authentication plugin that we are using is version 1.01 from Patrick Cavit.
Anyone get them working together?
January 31st, 2006 at 7:15 pm
Both plugins modify the function wp_setcookie, so the plugins won’t work together. They would have to be merged into one plugin.
February 17th, 2006 at 7:32 am
As told, it doesn’t work if you have WP 1.5.
I tried to install ignoring that warning, and happened that I became unable to login, no matter what I tried to do.
I had to upgrade to WP 2.0 to work on my blog again!
February 22nd, 2006 at 12:11 pm
Well, I can’t find “logout icon” no more.
I would like to logout without closing my browser window.
(I’m also using the Tiger Style Administration plugin).
March 13th, 2006 at 4:32 pm
I had to change the code for your wp_pass.php in order to display my password protected posts (same login prompt would keep appearing even after successfully putting in password). I changed:
setcookie(PASS_COOKIE, …..
to
setcookie(’wp-postpass_’ . COOKIEHASH, ……
Now it works.
March 13th, 2006 at 9:13 pm
Thanks. I’ve updated that file.
March 14th, 2006 at 1:25 pm
I copied the file (Version: 0.31) into my plugin folder but when I try to activate it, I get the following error:
Fatal error: Cannot redeclare wp_setcookie() (previously declared in /home/content/d/r/d/drdetecto/html/wp-includes/pluggable-functions.php:252) in /home/content/d/r/d/drdetecto/html/wp-content/plugins/cookietimeout.php on line 44
I am using Wordpress 2.0.2
help much appreciated
March 15th, 2006 at 6:21 pm
Does it work after you get the error? If not, try refreshing the page with the error still up. Does it work after that?
April 5th, 2006 at 11:00 am
Heyè Same problem here:
Fatal error: Cannot redeclare wp_setcookie() (previously declared in /var/www/dglauser/wp-includes/pluggable-functions.php:252) in /var/www/dglauser/wp-content/plugins/cookietimeout.php on line 44, version 2.0.2. Refreshing makes error message disappear, but it seems that the wrong wp_setcookies() is used (not the one of the plugin) afterwards.
April 10th, 2006 at 9:34 pm
I’ve fixed the redeclare error.
April 25th, 2006 at 12:39 am
Hi. I maintain some sites that are still using WP 1.52, and I do believe an older version of your plugin works with that. The plugin doesn’t have the different versions avaiable, though. I hope you can also provide links to the older versions.
Cheers.
Angelo
April 25th, 2006 at 8:18 pm
Added a link to version 0.20 which is compatible with WP 1.52.
May 18th, 2006 at 9:21 am
Plugin worked beautifully with wp-pass.php on protected posts.
Many thanks.
October 22nd, 2006 at 10:15 am
Hi, I have read this page a dozen times, repeated all steps, and tried changing numbers. The password protected post always shows after the password is put in. I need it to revert back to “please enter password” after closing the browser window. Maybe I missed something, but I think I’ve tried everything.
March 16th, 2007 at 3:14 pm
I downloaded the plugin which works beautifully, but I’ve found that the modified file for password protected pages doesn’t work in firefox. I’ve changed the values and it’s fine in IE, but even after logging out and closing the browser I remain logged in to password protected posts in firefox. Any ideas?
April 8th, 2007 at 11:54 pm
[...] setiap kali kita udah kelar bekerja dengan panel WordPress. Saya sendiri sebenarnya memakai plugin Cookie Timeout yang memungkinkan bisa log-out secara otomatis dengan cara menghapus cookie (bukan kue) di browser [...]
March 19th, 2008 at 12:19 am
I am definitely using 0.40 (it has the check supposed to prevent the redeclare error)but I still get the error (with WP 2.3.3,not 2.3.2 as posted above). I’m desperate to get this plugin working. Is there anything I can try?
March 20th, 2008 at 7:11 pm
Try this version: http://www.freemoby.com/p/cookietimeout_0_41.zip
March 21st, 2008 at 1:21 am
With 0.41 the plugin appears to activate, but when I go to ‘Cookie timeout’ under ‘Options’ I get:
Not Found
The requested URL /wp-admin/cookietimeout.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
What shall I try next? Your help so far is much appreciated.
March 21st, 2008 at 9:08 pm
Give this one a try: http://www.freemoby.com/p/cookietimeout_0_42.zip
March 22nd, 2008 at 1:35 am
Works like a dream! You’re a star. Many thanks.
July 24th, 2008 at 5:58 am
Thanks for the plug in.. Works like a charm..!