Jim Higson wrote:
Actually, where is the token on the edit page? This sounds like a silly question, but I've just saved the HTML of an edit page and greped for 'token' without any hits!
The edit token is presently only used for logged-in users.
a) It's purpose is to prevent offsite form submissions from hijacking users' login credentials to perform actions on the wiki; an anonymous visitor has the same rights as the attacker would
b) It relies on having an open session to store the master token in, which will fail for an anonymous editor not accepting cookies.
-- brion vibber (brion @ pobox.com)