On Sun, 18 May 2003 08:04:56 -0700 (PDT), koyaanis qatsi obchodnakorze@yahoo.com gave utterance to the following:
Erik writes:
I think we're still talking past each other. Banned IP addresses can login, but they cannot edit, even if they're logged in. The IP address of the user in question (Stick) is not banned.
Yes. We're talking past each other. What I'm saying is that a banned IP that tries to access the "login" page, regardless of whether it's logged in already, could be served a 404. This could prevent people like Michael or yesterday's vandal from coming back with several different usernames. Again, I'm not sure if this is a good or bad idea--there may be other, bad results as well.
Given that any form POST of a reasonable length can have a GET substituted for it, it is easy to bookmark an URL which replicates the form submission and never requires the login page to be served. (I won't post that here but will explain off list if required).
Actually I've always wondered why non-logged users didn't see a quick login form on the Wikipedia home page.