Pieter Konink wrote:
Hi, I've noticed that even though I will log out of my account on a recently-installed Wikimedia 1.3.11, it will keep me logged in in at least the main page.
This doesn't keep you logged in; rather, some pages which were cached while you were logged in will continue to show the cached copies (which have your username in the corner etc).
The bug is marked fixed, but the last post merely says it was fixed in the CVS ("... set cookie with logged in and log out timestamp, then check them when checking If-Modified-Since.").
I was just wondering if someone who is using CVS could fill me in on the code modified, or give me some pointers for how to do it myself. Thank you!
Upgrade to 1.4rc1, which will include the fix.
The specific changes will be iirc in OutputPage.php, User.php, and I think SpecialUserlogin.php. A timestamp cookie is set on logout to invalidate prior cached pages. This may not 'fix' issues like expired sessions or a closed and re-opened browser which circumvent the cookie-setting, though the presence/absense of session cookies may do it anyway; that hasn't been thoroughly tested.
-- brion vibber (brion @ pobox.com)