https://bugzilla.wikimedia.org/show_bug.cgi?id=71066
Bug ID: 71066
Summary: Users are not logged out when logging in as another
user
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: User login and signup
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Web browser: ---
Mobile Platform: ---
When already logged in, the login form (after I7e40c13a6ca5) will allow users
to log in again as another user. However, in this scenario, LoginForm does not
call $user->logout() on the original user.
The question: should it?
Extensions may be expecting the appropriate hooks to be called any time a user
ends their session (and in this case, even though they are switching users, it
can be considered an end to the session).
For example, Extension:SecureSessions keeps track of where a user is logged in,
and shows that information to the user. However, it depends on the UserLogout
hook to know when a session is terminated.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
