Last modified: 2014-09-01 23:12:20 UTC
In the recent user data leaking issue, we forced users to change password on login. After password is changed, the user is logged locally (and also project-wise, eg, for other wikipedia sites) automatically, but not logged in on another project.
Logins using temporary password ("Reset your password" feature) are also affected.
I saw this last night. You're actually logged in as your SUL user (as you noted, but being logged into other wikipedia.org subdomains), but we don't do the redirect through loginwiki since the normal login hooks aren't called, so you won't be logged into the other projects. I'm planning to rework the patches we put in for this particular incident, which will do the full SUL2 handshake after the login finishes.
(In reply to comment #2 by csteipp) > I'm planning to rework the patches we put in for this particular incident, > which will do the full SUL2 handshake after the login finishes. csteipp: Any vague timeframe (if this is still the plan)?
Platform has let me schedule some password work this quarter, which this falls under. So March-ish is a good target.
(In reply to Chris Steipp from comment #4) > Platform has let me schedule some password work this quarter, which this > falls under. So March-ish is a good target. Chris: How did reality bite, and any new approx. timeframe? :)
I haven't been able to get to it yet