I just installed nightly build, 2008-09-15, to get the latest fixes for the album passwords. This build lets me now apply an album password and locks the album until I enter the password. But it seems like this information is persisted in a cookie (Enable gallery sessions is not checked) forever. I mean, once I enter the album password I always have access to the album. Is this is the intended functionality? If it is true, one should be careful where they enable this album, for example at a public computer, because once the album’s password in entered anyone that has access to the computer has access to the album. Is there a time limit on how long the password is persisted?
Zenphoto
Comments
Of course one should never enter user/passwords on a public computer. That is always a danger. You have no idea what spyware, keyboard loggers, etc. might be on that computer.
I looked into the time out and it's 60 days! I'll add a feature request to make this timeout something that can be set in the admin pages.