During the last SessionManager rollout attempt (January 26 to 30) there were two reports of users being logged into the wrong account (i.e. they logged in, or were already logged in, as User:Abc, but suddenly the wiki software recognized them as User:Xyz). That is tracked in T125283 (which is non-public because it contains some login details) and (most of) the response to it is tracked in T124440; this task is to have a public place to collect more information about which users were affected.
If you have information about that happening (most likely between January 26 to 30, but if you have heard of it happening at any time in the last few weeks, please report it), please submit it here (or if you want to include private information, open a new task, select "Security: Software security issue", and mention the task number here). Helpful details:
- time (hour or minute is extra helpful if available)
- user account that the user should have been logged into, user account they actually logged into
- wiki where it happened
- was this the result of a manual login, or did becoming a different user "just happen"
- did this happen after visiting a wiki that the user has not visited for a while (weeks)
- what browser was used