Linux 软件免费装

在这里免费安装WordPress以及其他软件

Invalidate Logged Out Cookies

开发者 laceous
更新时间 2010年5月22日 08:43
PHP版本: 2.8 及以上
WordPress版本: 2.8

标签

cookies security login logout

下载

0.1

详情介绍:

WordPress' auth cookies include a built-in expiration date (either 2 or 14 days depending on if the 'Remember Me' option is checked). Even if you remove the client-side cookie (by manually logging out or just closing your browser if 'Remember Me' wasn't checked when logging in) the data that was stored within the cookie is still valid until the expiration date is reached. This could be an issue if someone managed to "steal" your cookie(s). They would still be able to access your website for some time into the future. This plugin will immediately invalidate your auth cookies when you manually log out. This, of course, also means that you have to manually click 'Log out' for this plugin to work properly (you can't just close your browser to remove any cookies that expire at the end of the session). This won't prevent session hijacking, but should limit the amount of time that an attacker can access your website.

安装:

  1. Upload the entire invalidate-logged-out-cookies/ directory to the /wp-content/plugins/ directory
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. If upgrading manually, make sure to disable and then re-enable the plugin (upgrading through the admin interface will do this automatically)

常见问题:

Will this plugin invalidate my cookies if I logged in before the plugin was activated?

No. This plugin will only invalidate cookies that were created after activating the plugin.

Will this plugin work with non-standard auth cookies?

Most likely, no. This plugin is only meant to be used with the standard auth cookies that WordPress uses.

Known conflicts with other plugins

This plugin overrides the core wp_validate_auth_cookie function. This means that you can't enable this plugin and another that also overrides the same function. This is a non-comprehensive list of other plugins that also override this function (and should not be used at the same time as this plugin):

How can I know if this plugin is properly overriding the 'wp_validate_auth_cookie' function?

Once activated, if this plugin is NOT overriding the function, then a message will be shown to admin users towards the top of every admin page.

更新日志:

0.1 Initial version (supports WP 2.8 only)