Rows in the CheckUser result tables appeared to suggest that logged out users were successfully performing a logout action. As an enwiki CU I was confused and decided to look at this today. I found that this was re-producable on my local wiki if I used the logout API when I was already logged out.
This is not possible to reproduce using Special:UserLogout as there is a check that outputs the success message early if the user is already logged out.
Example data from my local testing wiki (which therefore is not private data) with the problematic rows:
Steps to replicate the issue
- Open Special:ApiSandbox while logged out
- Choose logout as the action, add the token for the request, and then click Make request
- Log into an account with the checkuser group
- Open Special:CheckUser, enter the IP address used to make the API request in step 2 as the username, and run a Get actions check
What happens?:
CheckUser shows rows for a IP address "successfully" logging out
What should have happened instead?:
No rows should appear as the user was not logged in, so cannot log out