Page MenuHomePhabricator
Create Task
Maniphest T50499

Logging in with a temporary password doesn't really log me in while logged in as another user
Open, LowPublic
Actions

Description

Repro:

  1. Request a password reset for User:A
  2. Log in to the wiki as User:B
  3. Go to [[Special:UserLogin]]
  4. Try to log in as User:A using the password in the mail
  5. Follow the instruction to set a new password for User:A

Result:

I'm still logged in as User:B.

Expected:

I'm now logged in as User:A.

Version: 1.22.0
Severity: normal

Details

Reference
bz48499

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 1:37 AM
bzimport added a project: MediaWiki-User-login-and-signup.
bzimport set Reference to bz48499.
bzimport added a subscriber: Unknown Object (MLST).
liangent created this task.May 15 2013, 7:05 AM
liangent added a comment.May 15 2013, 7:09 AM

btw the instruction in step 5 is:

You logged in with a temporary emailed code. *To finish logging in*, you must set a new password here:

Parent5446 added a comment.May 26 2013, 11:45 PM

Shamless plug: one way to fix this is to get rid of temporary passwords entirely (https://gerrit.wikimedia.org/r/27472)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL