https://bugzilla.wikimedia.org/show_bug.cgi?id=66699
--- Comment #24 from Krinkle <[email protected]> --- Hm.. also relevant is that we invalidate existing sessions when a new session starts for a user. So in case of theft or hijacking in a way where the user logs in again on a different browser / account / computer, the old session will be immediately invalidated. Though only if the user logs in with "Remember me", a short session login maintains validity of the existing Remember-me session on the server. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
