Extension talk:NetworkAuth

permission caching bug goes beyond just viewing browser cached pages
The logout page says, "some pages may continue to be displayed as if you were still logged in" -- OK, but not only that, you can actually edit and save changes even after logged out.

Scenario: I am logged in as a user with edit permissions and I was editing an article called "Sample_Article". Then I do a "log out" MediaWiki shows me this as expected: You are now logged out.

You can continue to use My Wiki anonymously, or you can log in again as the same or as a different user. Note that some pages may continue to be displayed as if you were still logged in, until you clear your browser cache.

Return to Sample_Article.

I then click on "Return to Sample_Article" and I'm returned to the article. It shows me logged-in as my former user login. That's OK. The log out warns me of this, so I understand this is a limitation. But I can actually click on "edit"; make changes; and then click "Save Page" to save those changes. I think allowing edits after a Log Out goes beyond a browser cache quirk. Allowing edits after a Log Out is a bug. The edits are also actually saved under the former user_id.

I'm testing with MediaWiki version 1.12.0. I have the following lines in my LocalSettings.php file. The 'Staff' user has read permissions set true, but edit is false: $wgUseFileCache = false; $wgNetworkAuthUsers[] = array(       'iprange'               => array('192.168.1.0/24'),        'user'                  => 'Staff');

--Noahspurrier 21:29, 3 September 2008 (UTC)