(Forked from Re: [Wikitech-l] "Not logged in" page)
Is it time to revisit this behaviour? It's come up as being a usability problem a few times now.
Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :(
See bug for reference [1]
[1] https://bugzilla.wikimedia.org/show_bug.cgi?id=49890 On 15 Jul 2014 18:38, "Bryan Davis" bd808@wikimedia.org wrote:
On Tue, Jul 15, 2014 at 7:25 PM, Jon Robson jdlrobson@gmail.com wrote:
regularly. I've found mediawiki logs me out despite the 'keep me logged in' box, when logging out on a different device, etc.
Well that's the bug then no and that should be fixed. Help us work out
why
it is occurring and let's get that dealt with.:)
We shouldn't be designing features for edge cases!
Logout was discussed recently on the QA list [0]. The discussion lead to Jon Robson pointing out bug 49890 [1] where Chris Steipp stated that logout is global.
[1]: https://bugzilla.wikimedia.org/show_bug.cgi?id=49890
Bryan Davis Wikimedia Foundation bd808@wikimedia.org [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Tuesday, July 15, 2014, Jon Robson jdlrobson@gmail.com wrote:
(Forked from Re: [Wikitech-l] "Not logged in" page)
Is it time to revisit this behaviour? It's come up as being a usability problem a few times now.
Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :(
See bug for reference [1]
Yes, this is terrible UX. Logging out or in should only apply to one device.
On 15 Jul 2014 18:38, "Bryan Davis" <bd808@wikimedia.org javascript:;> wrote:
On Tue, Jul 15, 2014 at 7:25 PM, Jon Robson <jdlrobson@gmail.com
javascript:;> wrote:
regularly. I've found mediawiki logs me out despite the 'keep me logged in' box, when logging out on a different device, etc.
Well that's the bug then no and that should be fixed. Help us work out
why
it is occurring and let's get that dealt with.:)
We shouldn't be designing features for edge cases!
Logout was discussed recently on the QA list [0]. The discussion lead to Jon Robson pointing out bug 49890 [1] where Chris Steipp stated that logout is global.
[1]: https://bugzilla.wikimedia.org/show_bug.cgi?id=49890
Bryan Davis Wikimedia Foundation <bd808@wikimedia.org
[[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 15 July 2014 22:28, Steven Walling steven.walling@gmail.com wrote:
On Tuesday, July 15, 2014, Jon Robson jdlrobson@gmail.com wrote:
(Forked from Re: [Wikitech-l] "Not logged in" page)
Is it time to revisit this behaviour? It's come up as being a usability problem a few times now.
Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :(
See bug for reference [1]
Yes, this is terrible UX. Logging out or in should only apply to one device.
Or alternately have a "log out on this device/log out everywhere" option.
Risker/Anne
On 16/07/14 02:50, Risker wrote:
On 15 July 2014 22:28, Steven Walling steven.walling@gmail.com wrote:
On Tuesday, July 15, 2014, Jon Robson jdlrobson@gmail.com wrote:
(Forked from Re: [Wikitech-l] "Not logged in" page)
Is it time to revisit this behaviour? It's come up as being a usability problem a few times now.
Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :(
See bug for reference [1]
Yes, this is terrible UX. Logging out or in should only apply to one device.
Or alternately have a "log out on this device/log out everywhere" option.
Aye, they should be separated. The need to log out everywhere is a special case, but a potentially important one, as there are instances when users will want to forcibly log out devices they may not have direct access to (usually specifically because they don't have direct access to them). It's the sort of thing we'd want to have a special page/action for, but one that's not necessarily prominent - while the normal logout would be on every page, this would only be linked from the preferences, or something.
-I
I've actually found this to be a rather big pet peeve of mine w/ CentralAuth over the years. It would seem that logging out in CentralAuth means deleting everything in the cache with the user's info in it.
I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy).
On Tue, Jul 15, 2014 at 8:07 PM, Isarra Yos zhorishna@gmail.com wrote:
On 16/07/14 02:50, Risker wrote:
On 15 July 2014 22:28, Steven Walling steven.walling@gmail.com wrote:
On Tuesday, July 15, 2014, Jon Robson jdlrobson@gmail.com wrote:
(Forked from Re: [Wikitech-l] "Not logged in" page)
Is it time to revisit this behaviour? It's come up as being a usability problem a few times now.
Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :(
See bug for reference [1]
Yes, this is terrible UX. Logging out or in should only apply to one device.
Or alternately have a "log out on this device/log out everywhere"
option.
Aye, they should be separated. The need to log out everywhere is a special case, but a potentially important one, as there are instances when users will want to forcibly log out devices they may not have direct access to (usually specifically because they don't have direct access to them). It's the sort of thing we'd want to have a special page/action for, but one that's not necessarily prominent - while the normal logout would be on every page, this would only be linked from the preferences, or something.
-I
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
<quote name="Jasper Deng" date="2014-07-15" time="21:50:18 -0700">
I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy).
https://bugzilla.wikimedia.org/show_bug.cgi?id=27242 and https://www.mediawiki.org/wiki/Extension:AccountInfo
On Wed, Jul 16, 2014 at 12:50 AM, Jasper Deng jasper@jasperswebsite.com wrote:
I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy).
https://www.mediawiki.org/wiki/Extension:SecureSessions
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science
It seems like there is agreement on an approach
As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device
Does anyone want to own this and help move it forward? I've got too many things on my plate right now, but it's been bothering me for many years.
Although I don't have time/energy to do all of this, I'm happy to help out grabbing people to code review any patches, unblock any disagreements.
/me hopes someone puts their hand up
On Wed, Jul 16, 2014 at 4:06 AM, Tyler Romeo tylerromeo@gmail.com wrote:
On Wed, Jul 16, 2014 at 12:50 AM, Jasper Deng jasper@jasperswebsite.com wrote:
I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy).
https://www.mediawiki.org/wiki/Extension:SecureSessions
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Just to be clear, this is a CentralAuth issue. MediaWiki core already has logout localized by session, and I have an extension SecureSessions that already has a feature that shows all your logged in sessions and lets them log out.
It is CentralAuth that does global logout. -- Tyler Romeo 0x405D34A7C86B42DF
From: Jon Robson jdlrobson@gmail.com Reply: Wikimedia developers wikitech-l@lists.wikimedia.org> Date: July 21, 2014 at 14:35:54 To: Wikimedia developers wikitech-l@lists.wikimedia.org> Subject: Re: [Wikitech-l] logging out on one device logs user out everywhere
It seems like there is agreement on an approach
As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device
Does anyone want to own this and help move it forward? I've got too many things on my plate right now, but it's been bothering me for many years.
Although I don't have time/energy to do all of this, I'm happy to help out grabbing people to code review any patches, unblock any disagreements.
/me hopes someone puts their hand up
On Wed, Jul 16, 2014 at 4:06 AM, Tyler Romeo tylerromeo@gmail.com wrote:
On Wed, Jul 16, 2014 at 12:50 AM, Jasper Deng jasper@jasperswebsite.com wrote:
I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy).
https://www.mediawiki.org/wiki/Extension:SecureSessions
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
-- Jon Robson * http://jonrobson.me.uk * https://www.facebook.com/jonrobson * @rakugojon
_______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Mon, Jul 21, 2014 at 11:35 AM, Jon Robson jdlrobson@gmail.com wrote:
It seems like there is agreement on an approach
As I understand it:
- special button that when clicked logs you out everywhere
- default behaviour is just to log you out on current device
Where would this "log me out of all sessions" button go? Preferences?
On 21 July 2014 15:14, Steven Walling steven.walling@gmail.com wrote:
On Mon, Jul 21, 2014 at 11:35 AM, Jon Robson jdlrobson@gmail.com wrote:
It seems like there is agreement on an approach
As I understand it:
- special button that when clicked logs you out everywhere
- default behaviour is just to log you out on current device
Where would this "log me out of all sessions" button go? Preferences?
I hope not - the need to log out of a specific session rather than all sessions would often be situation-specific (e.g., leaving the home computer logged in while ending a session from the library wi-fi); it would be a pain to have to keep updating preferences everytime one of those situations occurs.
Risker/Anne
http://en.wikipedia.org/wiki/Special:UserLogout might be an obvious place (closest to the action)... although not sure how discoverable.
Do you want to logout everywhere <YES> <NO> [] Remember this decision
It seems like we could split this into 2 features though in the interest of getting things done. Right now I'm interested in just fixing the logout behaviour - in this day and age to many people are using too many different devices and this experience seems very broken.
On Mon, Jul 21, 2014 at 12:45 PM, Risker risker.wp@gmail.com wrote:
On 21 July 2014 15:14, Steven Walling steven.walling@gmail.com wrote:
On Mon, Jul 21, 2014 at 11:35 AM, Jon Robson jdlrobson@gmail.com wrote:
It seems like there is agreement on an approach
As I understand it:
- special button that when clicked logs you out everywhere
- default behaviour is just to log you out on current device
Where would this "log me out of all sessions" button go? Preferences?
I hope not - the need to log out of a specific session rather than all sessions would often be situation-specific (e.g., leaving the home computer logged in while ending a session from the library wi-fi); it would be a pain to have to keep updating preferences everytime one of those situations occurs.
Risker/Anne _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Il 21/07/2014 22:20, Jon Robson ha scritto:
http://en.wikipedia.org/wiki/Special:UserLogout might be an obvious place (closest to the action)... although not sure how discoverable.
Do you want to logout everywhere <YES> <NO> [] Remember this decision
It seems like we could split this into 2 features though in the interest of getting things done. Right now I'm interested in just fixing the logout behaviour - in this day and age to many people are using too many different devices and this experience seems very broken.
The problem is, that users don't really get addicted to our projects. They should /never/ need to log themselves out. ;-)
But if they want, a single click (or, maybe, a JavaScript popup like Echo's asking whether to logout from all devices) should take them out. There should be no need for an additional step (i.e. reload the page).
On Mon, Jul 21, 2014 at 1:20 PM, Jon Robson jdlrobson@gmail.com wrote:
http://en.wikipedia.org/wiki/Special:UserLogout might be an obvious place (closest to the action)... although not sure how discoverable.
Do you want to logout everywhere <YES> <NO> [] Remember this decision
It seems like we could split this into 2 features though in the interest of getting things done. Right now I'm interested in just fixing the logout behaviour - in this day and age to many people are using too many different devices and this experience seems very broken.
This seems potentially overcomplicated. Other sites doing this (Facebook, Google, others) don't put this kind of "close all sessions" option directly on logout. Let's get some input here from the UX team.
Sounds good. Adding design mailing list.
On Mon, Jul 21, 2014 at 2:02 PM, Steven Walling steven.walling@gmail.com wrote:
On Mon, Jul 21, 2014 at 1:20 PM, Jon Robson jdlrobson@gmail.com wrote:
http://en.wikipedia.org/wiki/Special:UserLogout might be an obvious place (closest to the action)... although not sure how discoverable.
Do you want to logout everywhere <YES> <NO> [] Remember this decision
It seems like we could split this into 2 features though in the interest of getting things done. Right now I'm interested in just fixing the logout behaviour - in this day and age to many people are using too many different devices and this experience seems very broken.
This seems potentially overcomplicated. Other sites doing this (Facebook, Google, others) don't put this kind of "close all sessions" option directly on logout. Let's get some input here from the UX team. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Cool. My $.02 on the feature,
I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference. I'd prefer if we could make the site preference (logout all sessions, or logout only the current session) to be configurable, so we can start with keeping the setting as is (and users can opt in), then we can change the site preference later if we decide it's a better tradeoff.
Unlike https, since this feature is for CentralAuth, let's not reuse core's session management pages (like Special:UserLogout). If we really have to add another page, it should be a new central auth page.
On Mon, Jul 21, 2014 at 3:03 PM, Jon Robson jdlrobson@gmail.com wrote:
Sounds good. Adding design mailing list.
On Mon, Jul 21, 2014 at 2:02 PM, Steven Walling steven.walling@gmail.com wrote:
On Mon, Jul 21, 2014 at 1:20 PM, Jon Robson jdlrobson@gmail.com wrote:
http://en.wikipedia.org/wiki/Special:UserLogout might be an obvious place (closest to the action)... although not sure how discoverable.
Do you want to logout everywhere <YES> <NO> [] Remember this decision
It seems like we could split this into 2 features though in the interest of getting things done. Right now I'm interested in just fixing the logout behaviour - in this day and age to many people are using too many different devices and this experience seems very broken.
This seems potentially overcomplicated. Other sites doing this (Facebook, Google, others) don't put this kind of "close all sessions" option directly on logout. Let's get some input here from the UX team. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
-- Jon Robson
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Chris Steipp wrote:
I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.
Please no. There's been a dedicated effort in 2014 to reduce the number of user preferences. They're costly to maintain and they typically indicate a design flaw: software should be sensible by default and a user preference should only be a tool of last resort. The general issue of user preferences-creep remains particularly acute as global (across a wikifarm) user preferences still do not exist. Of course in this specific case, given the relationship with CentralAuth, you probably could actually have a wikifarm-wide user preference, but that really misses the larger point that user preferences should be avoided, if at all possible.
I'll start a new thread about my broader thoughts here.
MZMcBride
On Tuesday, July 22, 2014, MZMcBride z@mzmcbride.com wrote:
Chris Steipp wrote:
I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.
Please no. There's been a dedicated effort in 2014 to reduce the number of user preferences. They're costly to maintain and they typically indicate a design flaw: software should be sensible by default and a user preference should only be a tool of last resort. The general issue of user preferences-creep remains particularly acute as global (across a wikifarm) user preferences still do not exist. Of course in this specific case, given the relationship with CentralAuth, you probably could actually have a wikifarm-wide user preference, but that really misses the larger point that user preferences should be avoided, if at all possible.
I'll start a new thread about my broader thoughts here.
I think we have too many preferences also, no disagreement there.
But like Risker, I too want to always destroy all my sessions when I logout (mostly because I log in and out of accounts a lot while testing, and I like knowing that applies to all the browsers I have open). So I'm biased towards thinking this is preference worthy, but I do think it's one of those things that if it doesn't behave as a user expects, they're going to think it's a flaw in the software and file a bug to change it.
I'm totally willing to admit the expectations I have are going to be the minority opinion. If it's a very, very small number of us, then yeah, preference isn't needed, and we can probably get by with a gadget.
Your proposal for account info and session management is good too. I hope someone's willing to pick that up.
MZMcBride
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I think generally user's expectation (and imho desirable behaviour in general[1]) is that logging out one session, does not affect other sessions.
However I think it's a valid use case to be able to invalidate other sessions remotely (e.g. you lost control over the device or it's inconvenient to get at), as well as being able to invalidate all other sessions (paranoia, convenience, clean slate, or " I can't remember what device that bloke had when I needed to check my e-mail and forgot to log out").
Both Gmail and Facebook currently implement systems like this.
On Gmail, you have a footnote "Last account activity: <time ago>" with a details link providing an overview of all current sessions (basically extracted from session data associated with the session cookies set for your account). It shows the device type (user agent or, if not cookie based, the protocol, like IMAP/SMTP), the location and IP, and when the session was last active. It has an option to "Sign out all other session".
On Facebook, the "Security Settings" feature has a section "Where You're Logged In" which is similar. Though slightly more enhanced in that it also allows ending individual sessions.
They also have a section "Trusted Browsers" which is slightly different in that it lists sessions that are of the "Remember me" type and also lists authenticated devices that won't ask for two-step verification again. And the ability to revoke any of them.
— Krinkle
[1] E.g. not expectation based on previous negative experience with other sites.
On 23 Jul 2014, at 16:45, Chris Steipp csteipp@wikimedia.org wrote:
On Tuesday, July 22, 2014, MZMcBride z@mzmcbride.com wrote:
Chris Steipp wrote:
I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.
Please no. There's been a dedicated effort in 2014 to reduce the number of user preferences. They're costly to maintain and they typically indicate a design flaw: software should be sensible by default and a user preference should only be a tool of last resort. The general issue of user preferences-creep remains particularly acute as global (across a wikifarm) user preferences still do not exist. Of course in this specific case, given the relationship with CentralAuth, you probably could actually have a wikifarm-wide user preference, but that really misses the larger point that user preferences should be avoided, if at all possible.
I'll start a new thread about my broader thoughts here.
I think we have too many preferences also, no disagreement there.
But like Risker, I too want to always destroy all my sessions when I logout (mostly because I log in and out of accounts a lot while testing, and I like knowing that applies to all the browsers I have open). So I'm biased towards thinking this is preference worthy, but I do think it's one of those things that if it doesn't behave as a user expects, they're going to think it's a flaw in the software and file a bug to change it.
I'm totally willing to admit the expectations I have are going to be the minority opinion. If it's a very, very small number of us, then yeah, preference isn't needed, and we can probably get by with a gadget.
Your proposal for account info and session management is good too. I hope someone's willing to pick that up.
MZMcBride
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Lots of great discussion and ideas here. Who's up for taking this on as a challenge or mentoring someone to do it?
--tomasz
On Wed, Jul 23, 2014 at 11:01 AM, Krinkle krinklemail@gmail.com wrote:
I think generally user's expectation (and imho desirable behaviour in general[1]) is that logging out one session, does not affect other sessions.
However I think it's a valid use case to be able to invalidate other sessions remotely (e.g. you lost control over the device or it's inconvenient to get at), as well as being able to invalidate all other sessions (paranoia, convenience, clean slate, or " I can't remember what device that bloke had when I needed to check my e-mail and forgot to log out").
Both Gmail and Facebook currently implement systems like this.
On Gmail, you have a footnote "Last account activity: <time ago>" with a details link providing an overview of all current sessions (basically extracted from session data associated with the session cookies set for your account). It shows the device type (user agent or, if not cookie based, the protocol, like IMAP/SMTP), the location and IP, and when the session was last active. It has an option to "Sign out all other session".
On Facebook, the "Security Settings" feature has a section "Where You're Logged In" which is similar. Though slightly more enhanced in that it also allows ending individual sessions.
They also have a section "Trusted Browsers" which is slightly different in that it lists sessions that are of the "Remember me" type and also lists authenticated devices that won't ask for two-step verification again. And the ability to revoke any of them.
— Krinkle
[1] E.g. not expectation based on previous negative experience with other sites.
On 23 Jul 2014, at 16:45, Chris Steipp csteipp@wikimedia.org wrote:
On Tuesday, July 22, 2014, MZMcBride z@mzmcbride.com wrote:
Chris Steipp wrote:
I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.
Please no. There's been a dedicated effort in 2014 to reduce the number of user preferences. They're costly to maintain and they typically indicate a design flaw: software should be sensible by default and a user preference should only be a tool of last resort. The general issue of user preferences-creep remains particularly acute as global (across a wikifarm) user preferences still do not exist. Of course in this specific case, given the relationship with CentralAuth, you probably could actually have a wikifarm-wide user preference, but that really misses the larger point that user preferences should be avoided, if at all possible.
I'll start a new thread about my broader thoughts here.
I think we have too many preferences also, no disagreement there.
But like Risker, I too want to always destroy all my sessions when I logout (mostly because I log in and out of accounts a lot while testing, and I like knowing that applies to all the browsers I have open). So I'm biased towards thinking this is preference worthy, but I do think it's one of those things that if it doesn't behave as a user expects, they're going to think it's a flaw in the software and file a bug to change it.
I'm totally willing to admit the expectations I have are going to be the minority opinion. If it's a very, very small number of us, then yeah, preference isn't needed, and we can probably get by with a gadget.
Your proposal for account info and session management is good too. I hope someone's willing to pick that up.
MZMcBride
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Le 16/07/2014 03:52, Jon Robson a écrit :
(Forked from Re: [Wikitech-l] "Not logged in" page)
Is it time to revisit this behaviour? It's come up as being a usability problem a few times now.
Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :(
See bug for reference [1]
Hello,
I would use a system similiar to Github or Phabricator. When you log out, it only invalidate your current browser session. Then in you preference you have a list of all valid sessions which which you can manually invalidate.
On Github that is under Settings -> Security https://github.com/settings/security
That shows me:
== Sessions == This is a list of devices that have logged into your account. Revoke any sessions that you do not recognize.
Nantes: some IP Safari on OS X 10.9.4 Location: Nantes, France Signed in: May 26, 2014
That gives enough information to identify the sessions and invalidate them if needed. We could add a tab to Special:Preferences.
An interesting feature on Github is the security history which listnew sessions and from where I logged on. Might be worth a look at.
The same goes on for Phabricator, if you are logged in: http://fab.wmflabs.org/settings/panel/sessions/
Gives me a table such as:
+--------+-------+----+---------------------+------------+ |Identity|Session|Type|Created |Expires | +--------+-------+----+---------------------+------------+ |hashar |abcdef |web |Apr 29 2014, 7:54 AM |Tue, Aug 19 | +--------+-------+----+---------------------+------------+
There are less informations than on Github though.
wikitech-l@lists.wikimedia.org