This plugin will immediately invalidate your auth cookies when you manually log out.
| Author: | moggy (profile at wordpress.org) |
| WordPress version required: | 2.9 |
| WordPress version tested: | 2.9.2 |
| Plugin version: | 0.1.1 |
| Added to WordPress repository: | 21-06-2009 |
| Last updated: | 22-05-2010
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 0 |
| Rated by: | 0 |
| Plugin URI: | http://wordpress.org/extend/plugins/invalidat... |
| Total downloads: | 1 742 |
| Active installs: | 10+ |
 Click to start download |
|
Due to lack of interest (both my own and based on the number of downloads) this plugin will not be updated for WP 3.0
WordPress’ auth cookies include a built-in expiration date (either 2 or 14 days depending on if the ‘Remember Me’ option is checked). Even if you remove the client-side cookie (by manually logging out or just closing your browser if ‘Remember Me’ wasn’t checked when logging in) the data that was stored within the cookie is still valid until the expiration date is reached.
This could be an issue if someone managed to “steal” your cookie(s). They would still be able to access your website for some time into the future.
This plugin will immediately invalidate your auth cookies when you manually log out. This, of course, also means that you have to manually click ‘Log out’ for this plugin to work properly (you can’t just close your browser to remove any cookies that expire at the end of the session). This won’t prevent session hijacking, but should limit the amount of time that an attacker can access your website.
FAQ
ChangeLog