https://bugzilla.wikimedia.org/show_bug.cgi?id=49890
MZMcBride <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #16 from MZMcBride <[email protected]> --- (In reply to Chris Steipp from comment #5) > Yes. Logging *out* refreshes a token, so other logged in sessions will be > invalidated. This was done by Tim in 2008, and as I understand it, it's by > design. Done by Tim in the CentralAuth extension? Cross-referencing a commit or SVN revision would be helpful for me. The current behavior (log out anywhere logs out everywhere) has probably become the expected behavior. I've personally relied on the behavior to stop adminbots running under my account, as I recall. I would like to think that most users typically stay logged in on their devices or use incognito mode on a public computer, but perhaps this is an overly optimistic view. > I personally like that it works this way, in case a user forgets they logged > in somewhere and left the browser open. however we could do something like > facebook, and provide a button in the user's preferences to log out any > other sessions. [[mw:Extension:SecureSessions]], of course. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
