https://bugzilla.wikimedia.org/show_bug.cgi?id=31845
Web browser: ---
Bug #: 31845
Summary: Anonymous users see sysop links due to UserID cookie
Product: MediaWiki
Version: 1.16.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: User login
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
When the createaccount right has been reserved for sysops, regular users only
see the 'login' link when they arrive at the wiki, not the 'login/create
account' link.
I have encountered situations (not sure why, don't care much why either) in
which some cookies lingered after a session expired. In particular, for a user
with sysop rights the UserName and UserID cookies remained, while the session
and Token cookies had disappeared. The problem here is the UserID cookie:
whenever that cookie is present, the (now anonymous!) user is greeted with a
'login/create account' link instead of only a 'login' link.
Steps to reproduce:
0. Set $wgGroupPermissions['*']['createaccount'] = false;
result: anonymous user sees "Login" link instead of "Login/Create account"
1. Log in as a user with sysop rights
2. Delete the "session" and "Token" cookies from your system. Ensure the
"UserID" cookie remains.
3. Refresh the page (F5)
result: the (now anonymous) user sees "Login/Create account" link. Should be
"Login". Note that, even though the wrong link is displayed, the user is still
not able to create an account.
4. Delete the "UserID" cookie
5. Refresh the page (F5)
result: the (still anonymous) user correctly sees only the "Login" link again.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
