On Fri, Apr 11, 2008 at 9:48 AM, Brion Vibber <brion(a)wikimedia.org> wrote:
Logging out:
Currently, logout only clears your global session cookies; it doesn't
clear local session state. You log in once, but you may have to log out
many times.
This was previously done by NOT setting local cookies on every single wiki
that you're automatically authenticated on. Using the AutoAuthenticate hook
is sufficient to stay logged-in on every wiki (although, admittedly, it's
a bit nasty on the DB servers, so, depending on how much of a bottleneck
that becomes, I may store the global sessions in memcached). So, the idea
is, when you log out, it'll unset the global cookies, and there'll be nothing to
say you're logged into that wiki, so you're logged out.
However, as of r33103, setCookies() is now called on a local user when they
are authenticated by the AutoAuthenticate hook, which means that users
will now have to log out on every wiki.
So yes, you're right, but only as of r33103.
--
Andrew Garrett