see title.
Possibly password reset would invalidate the cookies too, but global lock should really make all old cookies useless
Arguably we should do something similar for normal blocks, although that goes against current expectations
see title.
Possibly password reset would invalidate the cookies too, but global lock should really make all old cookies useless
Arguably we should do something similar for normal blocks, although that goes against current expectations
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Log user out when their account gets globally locked | mediawiki/extensions/CentralAuth | master | +2 -0 |
Oops. Didn't notice this was a security bug and put up https://gerrit.wikimedia.org/r/#/c/322227/ as a normal patch.
Dont worry, i only put it as security so as not to give OurMine any ideas. I dont really think its a sensitive issue
@Reedy: +2'ed on 2019-05-01 and merged (thanks).
Can this task get closed as resolved? Can it be made public?