Andre Engels wrote:
There is a so-called edit token that gets sent with
every edit you
make. If your sending has no edit token, or the wrong one, you will
get a preview page instead. Normally your edit token is connected to
your login. As I have been told, it is used to make it harder to make
changes claiming to be someone else.
As an example: As a malicious person, I could make a web page filled
with code like this:
<img
src="http://en.wikipedia.org/w/index.php?title=SomePage&action=rol…
and try to get sysops to visit it (for instance by placing the link as
an external link in an article and waiting for someone to look at it to
verify if it's a good reference or spam).
A few minutes later, the victim sysop would be reading a rash of
complaints on their talk page with great confusion.
Apparently on rare occasions,
your edit token changes, and so you will get a preview page instead of
a change. However, on rollbacks you can't get a preview page, so this
error message is provided instead.
Also, I'm not sure that the login session is being properly initialized
when you visit with a saved-password token cookie. I'll have to look at
it a bit more.
If you find this happening to you, try a) going to an edit page if you
haven't during this session, or b) log out and log back in.
-- brion vibber (brion @
pobox.com)