Steps to replicate the issue (include links if applicable):
- Delete the loginnotify_prevlogins cookie (or wait until it expires)
- Go to Special:Preferences and click Change Password
- You are asked to log in with your existing password, even if you have an active session
What happens?:
Login-Notify sends you an email saying "Someone (probably you) recently logged in to your account from a new device."
What should have happened instead?:
No email is sent.
Software version (skip for WMF-hosted wikis like Wikipedia):
Other information (browser name/version, screenshots, etc.):
This happened to me today when I changed my wikitech password. Wikitech seems to set a 6-month expiration for the loginnotify_prevlogins cookie, while enwiki seems to set a 2-year one.
I could reproduce the issue by deleting the cookie loginnotify_prevlogins then clicking on "Change password" again.