Andre Engels wrote:
There is a so-called edit token that gets sent with every edit you make. If your sending has no edit token, or the wrong one, you will get a preview page instead. Normally your edit token is connected to your login. As I have been told, it is used to make it harder to make changes claiming to be someone else.
As an example: As a malicious person, I could make a web page filled with code like this: <img src="http://en.wikipedia.org/w/index.php?title=SomePage&action=rollback&from=SomeVandalName"> and try to get sysops to visit it (for instance by placing the link as an external link in an article and waiting for someone to look at it to verify if it's a good reference or spam).
A few minutes later, the victim sysop would be reading a rash of complaints on their talk page with great confusion.
Apparently on rare occasions, your edit token changes, and so you will get a preview page instead of a change. However, on rollbacks you can't get a preview page, so this error message is provided instead.
Also, I'm not sure that the login session is being properly initialized when you visit with a saved-password token cookie. I'll have to look at it a bit more.
If you find this happening to you, try a) going to an edit page if you haven't during this session, or b) log out and log back in.
-- brion vibber (brion @ pobox.com)