On Fri, Apr 11, 2008 at 9:48 AM, Brion Vibber brion@wikimedia.org wrote:
Logging out:
Currently, logout only clears your global session cookies; it doesn't clear local session state. You log in once, but you may have to log out many times.
This was previously done by NOT setting local cookies on every single wiki that you're automatically authenticated on. Using the AutoAuthenticate hook is sufficient to stay logged-in on every wiki (although, admittedly, it's a bit nasty on the DB servers, so, depending on how much of a bottleneck that becomes, I may store the global sessions in memcached). So, the idea is, when you log out, it'll unset the global cookies, and there'll be nothing to say you're logged into that wiki, so you're logged out.
However, as of r33103, setCookies() is now called on a local user when they are authenticated by the AutoAuthenticate hook, which means that users will now have to log out on every wiki.
So yes, you're right, but only as of r33103.