
Current collection is not purged after logout
Open, Low, Public

Description

  1. Login as user A
  2. Start creating book using Special:Book, add one page
  3. Logout
  4. Login as user B
  5. Go to Special:Book

You will see the page added by user A in Special:Book.

While collaboration should be encouraged (see T46185), I think this is pretty
unexpected.


Version: master
Severity: minor
See Also: T46185: Store created books on a server, not in the browser

Details

Reference
bz54183

Event Timeline

bzimport raised the priority of this task from to Low. Nov 22 2014, 1:51 AM
bzimport set Reference to bz54183.
bzimport added a subscriber: Unknown Object (MLST).

To clarify, this is about the current (non-saved) collection in the process of being gathered, not about the actual output. The collection, when submitted for rendering, is only accessible at a URL containing something like collection_id=64d6f54fa718e186 (safer than most passwords).

Fully agree, thanks. I actually wonder how much this is an actual problem. One could imagine, for example, that an anonymous user has this feature enabled as well, and then this kind of behavior is correct (same set of pages available regardless of whether logged in or out).

(In reply to Marcin Cieślak from comment #2)

> I actually wonder how much this is an actual problem.

I was tempted to close it invalid/wontfix. :) As currently phrased I think it's valid in principle, but I don't know what expectations registered users with shared computers have.