Andrew Garrett wrote:
On Sat, Apr 12, 2008 at 4:36 AM, Brion Vibber brion@wikimedia.org wrote:
This was previously done by NOT setting local cookies on every single wiki that you're automatically authenticated on.
Which means it doesn't set up a local session or update your cache timestamp, which means you see various uncached settings and your first edit fails. :)
These are bad, hence my fix.
I asked Tim, and he told me there wasn't any reason to be setting local cookies in doing this, so I removed that line from wfCentralAuthSessionInit.
Note that the local session needs to be initialised, for the benefit of edit tokens and the like. But the session does not need to contain authentication data, and the local authentication cookies do not need to be set. If there are any local authentication cookies (session or persistent), we would need to have a way of deleting them on logout. It's bad enough deleting cookies for 8 second-level domains.
This is what Andrew has implemented, a local session which does not log you in.
-- Tim Starling
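
A minimal model of the arrangement described in this message, added here as an illustration and not taken from CentralAuth: each wiki keeps a local session that holds only an edit-token secret, identity is resolved from the central session on every request, and logout is a single central invalidation. All names (`Wiki`, `central_login`, `central_logout`, the cookie names) are hypothetical, and one dict stands in for the browser's cookie jar across all domains.

```python
import hashlib
import hmac
import secrets

# Constructed model; none of these names are CentralAuth's API.
CENTRAL_SESSIONS = {}  # central session id -> username, shared by all wikis

class Wiki:
    def __init__(self, name):
        self.name = name
        self.local_sessions = {}  # local session id -> edit-token secret

    def session_init(self, cookies):
        """Start a local session that holds only an edit-token secret.
        No username or other authentication data is stored locally."""
        sid = cookies.get(self.name + "_session")
        if sid not in self.local_sessions:
            sid = secrets.token_hex(16)
            self.local_sessions[sid] = secrets.token_bytes(32)
            cookies[self.name + "_session"] = sid
        return sid

    def current_user(self, cookies):
        """Identity comes from the central session on every request."""
        return CENTRAL_SESSIONS.get(cookies.get("central_session"))

    def edit_token(self, cookies):
        """Token keyed by the local session secret and bound to the user."""
        sid = self.session_init(cookies)
        user = self.current_user(cookies) or ""
        key = self.local_sessions[sid]
        return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()

    def check_edit(self, cookies, token):
        return hmac.compare_digest(self.edit_token(cookies), token)

def central_login(cookies, username):
    cid = secrets.token_hex(16)
    CENTRAL_SESSIONS[cid] = username
    cookies["central_session"] = cid

def central_logout(cookies):
    # One server-side delete; there is no per-wiki auth cookie to remove.
    CENTRAL_SESSIONS.pop(cookies.pop("central_session", None), None)
```

The leftover local session cookie is harmless after logout because it never carried authentication data.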