[gogarth]

BBPress seems to use the kind of cookie that resides on the user’s machine unless they actively log out.

Can anyone help me modify/ add custom code (or point me to a useful plug-in ) so that its lifetime is limited to the session only?

Also, should I be using something like session_cache_limiter(‘nocache’) for further privacy, or is this already taken care of?

I have recently installed the excellent Private Forums plug-in as an alternative to using the more cumbersome HTTP authentication method, which has prompted me to think about this potential security issue. Private Forums is only truly secure if the user remembers to log out.

[gogarth]

I think I have answered my own question.

I modified the $expires value /bb-includes/pluggable.php from time() + 604800 to 0.

This appears to have done the trick.

I don’t know if this is technically correct way to do it, however, as I will now need to remember this modification if I overwrite the files with an update. Should I have written a little plug-in to achieve this?

[Trent Adams]

A plugin would be the best way so that it doesn’t require a core change.

Trent

[ardentfrost]

I’m not sure, but looking at the pluggable code, you might be able to drop this into your my-plugins directory and it work without changing core files:

function bb_cookie( $name, $value, $expires = 0 ) {

global $bb;

if ( !$expires )

$expires = time() + 604800;

if ( isset( $bb->cookiedomain ) )

setcookie( $name, $value, $expires, $bb->cookiepath, $bb->cookiedomain );

else

setcookie( $name, $value, $expires, $bb->cookiepath );

}

Then make the same change you made last time (changing 604800 to 0 or something, whatever you did)

[gogarth]

Yes – it did work!

Thank you very much. It also helped me understand the plugin-friendly framework into the bargain.

Julian