Eddie Roger wrote:
I was looking through changes to the apiedit branch
and saw a revert to
disable login tokens. I read the note in SVN as to why, but I don't
understand the benefit of just using cookies versus using tokens,
especially for robots. I'm not questioning Brion's decision, just
wondering if there was explanation.
The reason and vulnerability (which Roan already told you) was discussed
on wikitech at the time.