WordPress sets a cookie on a user’s computer that remains stored for 10 days after they visit a site. This means they will not have to re-enter their info every time they leave a comment, nor will they have to re-enter the password on password protected pages or posts. Sometimes, however, a site owner might want to require the password each time a visitor wants to view a certain page. Here’s how:

Check out wp-pass.php in your wordpress directory.
You’ll find a line like this:
setcookie(‘wp-postpass_’ . COOKIEHASH, $_POST[‘post_password’], time() + 2, COOKIEPATH);
The value after the “+” indicates the time in seconds, the cookie stays valid. In this example it is valid for 2 seconds, setting it to 7200 would be equivalent to 2 hours.

This, of course, is a trade off. If there is very active discussion on a site, users may become frustrated at having to re-enter their information each time they want to leave a comment. In this case, it might be better to find another solution for protecting information on a given page.