https://bugzilla.wikimedia.org/show_bug.cgi?id=49890
--- Comment #18 from Tim Starling <[email protected]> --- Before CentralAuth, logout was local, and password change was an effective global logout, invalidating all sessions and persistent cookies. I remember reimplementing this policy in r5523, I had no problem with it. The change in policy for CentralAuth was apparently done by Andrew Garrett in r33061. The doc comment on resetAuthToken() indicates that it was a deliberate policy -- although the fact that it is a different policy from the core was not noted. I reviewed it at the time (as evidenced by r33063), but I don't think I considered the logout policy beyond accepting the emphatic rationale in the doc comment. I am fine with the idea of making logout local again, but I think a nice additional feature would be to add a button to the logout success page which allows you to explicitly log out from all devices, without having to reset your password. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
