logging out on one device logs user out everywhere

List overview All Threads
Download

newer

older

next week: caching overhaul RfC

MediaWiki Security and Maintenance...

Jon Robson

16 Jul 2014 16 Jul '14

1:52 a.m.

(Forked from Re: [Wikitech-l] "Not logged in" page) Is it time to revisit this behaviour? It's come up as being a usability problem a few times now. Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :( See bug for reference [1] [1] https://bugzilla.wikimedia.org/show_bug.cgi?id=49890 On 15 Jul 2014 18:38, "Bryan Davis" <bd808(a)wikimedia.org> wrote:

...

On Tue, Jul 15, 2014 at 7:25 PM, Jon Robson <jdlrobson(a)gmail.com> wrote:

regularly. I've found mediawiki logs me out despite the 'keep me logged in' box, when logging out on a different device, etc.

Well that's the bug then no and that should be fixed. Help us work out

why

it is occurring and let's get that dealt with.:) We shouldn't be designing features for edge cases!

Logout was discussed recently on the QA list [0]. The discussion lead to Jon Robson pointing out bug 49890 [1] where Chris Steipp stated that logout is global. [0]:https://www.mail-archive.com/qa@lists.wikimedia.org/msg01559.html [1]: https://bugzilla.wikimedia.org/show_bug.cgi?id=49890 -- Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org> [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855 _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Show replies by date

Steven Walling

16 Jul 16 Jul

2:28 a.m.

On Tuesday, July 15, 2014, Jon Robson <jdlrobson(a)gmail.com> wrote:

...

Yes, this is terrible UX. Logging out or in should only apply to one device.

...

On 15 Jul 2014 18:38, "Bryan Davis" <bd808(a)wikimedia.org <javascript:;>> wrote:

On Tue, Jul 15, 2014 at 7:25 PM, Jon Robson <jdlrobson(a)gmail.com

<javascript:;>> wrote:

regularly. I've found mediawiki logs me out despite the 'keep me logged in' box, when logging out on a different device, etc.

Well that's the bug then no and that should be fixed. Help us work out

why

it is occurring and let's get that dealt with.:) We shouldn't be designing features for edge cases!

<javascript:;>>

[[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855 _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org <javascript:;> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org <javascript:;> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Risker

2:50 a.m.

On 15 July 2014 22:28, Steven Walling <steven.walling(a)gmail.com> wrote:

...

On Tuesday, July 15, 2014, Jon Robson <jdlrobson(a)gmail.com> wrote:

Yes, this is terrible UX. Logging out or in should only apply to one device.

Or alternately have a "log out on this device/log out everywhere" option. Risker/Anne

Isarra Yos

3:07 a.m.

On 16/07/14 02:50, Risker wrote:

...

On 15 July 2014 22:28, Steven Walling <steven.walling(a)gmail.com> wrote:

On Tuesday, July 15, 2014, Jon Robson <jdlrobson(a)gmail.com> wrote:

Yes, this is terrible UX. Logging out or in should only apply to one device.

Or alternately have a "log out on this device/log out everywhere" option.

Aye, they should be separated. The need to log out everywhere is a special case, but a potentially important one, as there are instances when users will want to forcibly log out devices they may not have direct access to (usually specifically because they don't have direct access to them). It's the sort of thing we'd want to have a special page/action for, but one that's not necessarily prominent - while the normal logout would be on every page, this would only be linked from the preferences, or something. -I

Jasper Deng

4:50 a.m.

I've actually found this to be a rather big pet peeve of mine w/ CentralAuth over the years. It would seem that logging out in CentralAuth means deleting everything in the cache with the user's info in it. I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy). On Tue, Jul 15, 2014 at 8:07 PM, Isarra Yos <zhorishna(a)gmail.com> wrote:

...

On 16/07/14 02:50, Risker wrote:

On 15 July 2014 22:28, Steven Walling <steven.walling(a)gmail.com> wrote: On Tuesday, July 15, 2014, Jon Robson <jdlrobson(a)gmail.com> wrote:

(Forked from Re: [Wikitech-l] "Not logged in" page)

Is it time to revisit this behaviour? It's come up as being a usability problem a few times now. Currently if I log out of a public computer it logs me out of my tablet device,mobile device and home computer. :( See bug for reference [1] [1] https://bugzilla.wikimedia.org/show_bug.cgi?id=49890

Yes, this is terrible UX. Logging out or in should only apply to one device. Or alternately have a "log out on this device/log out everywhere"

option.

Greg Grossmeier

5:24 a.m.

...

I'd prefer that we did Google's system that, in addition to allowing a separate "sign out all other sessions" option, also allows users to monitor which IP addresses their account was accessed from (which however would be akin to self CheckUser and might run afoul of our privacy policy).

https://bugzilla.wikimedia.org/show_bug.cgi?id=27242 and https://www.mediawiki.org/wiki/Extension:AccountInfo -- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |

Tyler Romeo

11:06 a.m.

On Wed, Jul 16, 2014 at 12:50 AM, Jasper Deng <jasper(a)jasperswebsite.com> wrote:

...

https://www.mediawiki.org/wiki/Extension:SecureSessions *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science

Jon Robson

21 Jul 21 Jul

6:35 p.m.

It seems like there is agreement on an approach As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device Does anyone want to own this and help move it forward? I've got too many things on my plate right now, but it's been bothering me for many years. Although I don't have time/energy to do all of this, I'm happy to help out grabbing people to code review any patches, unblock any disagreements. /me hopes someone puts their hand up On Wed, Jul 16, 2014 at 4:06 AM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:

...

On Wed, Jul 16, 2014 at 12:50 AM, Jasper Deng <jasper(a)jasperswebsite.com> wrote:

https://www.mediawiki.org/wiki/Extension:SecureSessions *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

-- Jon Robson * http://jonrobson.me.uk * https://www.facebook.com/jonrobson * @rakugojon

Tyler Romeo

6:46 p.m.

Just to be clear, this is a CentralAuth issue. MediaWiki core already has logout localized by session, and I have an extension SecureSessions that already has a feature that shows all your logged in sessions and lets them log out. It is CentralAuth that does global logout. -- Tyler Romeo 0x405D34A7C86B42DF From: Jon Robson <jdlrobson(a)gmail.com> Reply: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>> Date: July 21, 2014 at 14:35:54 To: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>> Subject: Re: [Wikitech-l] logging out on one device logs user out everywhere It seems like there is agreement on an approach As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device Does anyone want to own this and help move it forward? I've got too many things on my plate right now, but it's been bothering me for many years. Although I don't have time/energy to do all of this, I'm happy to help out grabbing people to code review any patches, unblock any disagreements. /me hopes someone puts their hand up On Wed, Jul 16, 2014 at 4:06 AM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:

...

On Wed, Jul 16, 2014 at 12:50 AM, Jasper Deng <jasper(a)jasperswebsite.com> wrote:

-- Jon Robson * http://jonrobson.me.uk * https://www.facebook.com/jonrobson * @rakugojon _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Steven Walling

7:14 p.m.

On Mon, Jul 21, 2014 at 11:35 AM, Jon Robson <jdlrobson(a)gmail.com> wrote:

...

It seems like there is agreement on an approach As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device

Where would this "log me out of all sessions" button go? Preferences?

Risker

7:45 p.m.

On 21 July 2014 15:14, Steven Walling <steven.walling(a)gmail.com> wrote:

...

On Mon, Jul 21, 2014 at 11:35 AM, Jon Robson <jdlrobson(a)gmail.com> wrote:

It seems like there is agreement on an approach As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device

Where would this "log me out of all sessions" button go? Preferences?

Jon Robson

8:20 p.m.

http://en.wikipedia.org/wiki/Special:UserLogout might be an obvious place (closest to the action)... although not sure how discoverable. Do you want to logout everywhere <YES> <NO> [] Remember this decision It seems like we could split this into 2 features though in the interest of getting things done. Right now I'm interested in just fixing the logout behaviour - in this day and age to many people are using too many different devices and this experience seems very broken. On Mon, Jul 21, 2014 at 12:45 PM, Risker <risker.wp(a)gmail.com> wrote:

...

On 21 July 2014 15:14, Steven Walling <steven.walling(a)gmail.com> wrote:

On Mon, Jul 21, 2014 at 11:35 AM, Jon Robson <jdlrobson(a)gmail.com> wrote:

It seems like there is agreement on an approach As I understand it: * special button that when clicked logs you out everywhere * default behaviour is just to log you out on current device

Where would this "log me out of all sessions" button go? Preferences?

I hope not - the need to log out of a specific session rather than all sessions would often be situation-specific (e.g., leaving the home computer logged in while ending a session from the library wi-fi); it would be a pain to have to keep updating preferences everytime one of those situations occurs. Risker/Anne _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

-- Jon Robson * http://jonrobson.me.uk * https://www.facebook.com/jonrobson * @rakugojon

Ricordisamoa

8:39 p.m.

Il 21/07/2014 22:20, Jon Robson ha scritto:

...

The problem is, that users don't really get addicted to our projects. They should /never/ need to log themselves out. ;-) But if they want, a single click (or, maybe, a JavaScript popup like Echo's asking whether to logout from all devices) should take them out. There should be no need for an additional step (i.e. reload the page).

Steven Walling

9:02 p.m.

On Mon, Jul 21, 2014 at 1:20 PM, Jon Robson <jdlrobson(a)gmail.com> wrote:

...

Jon Robson

10:03 p.m.

Sounds good. Adding design mailing list. On Mon, Jul 21, 2014 at 2:02 PM, Steven Walling <steven.walling(a)gmail.com> wrote:

...

On Mon, Jul 21, 2014 at 1:20 PM, Jon Robson <jdlrobson(a)gmail.com> wrote:

This seems potentially overcomplicated. Other sites doing this (Facebook, Google, others) don't put this kind of "close all sessions" option directly on logout. Let's get some input here from the UX team. _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

-- Jon Robson * http://jonrobson.me.uk * https://www.facebook.com/jonrobson * @rakugojon

Chris Steipp

22 Jul 22 Jul

4:05 p.m.

Cool. My $.02 on the feature, I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference. I'd prefer if we could make the site preference (logout all sessions, or logout only the current session) to be configurable, so we can start with keeping the setting as is (and users can opt in), then we can change the site preference later if we decide it's a better tradeoff. Unlike https, since this feature is for CentralAuth, let's not reuse core's session management pages (like Special:UserLogout). If we really have to add another page, it should be a new central auth page. On Mon, Jul 21, 2014 at 3:03 PM, Jon Robson <jdlrobson(a)gmail.com> wrote:

...

Sounds good. Adding design mailing list. On Mon, Jul 21, 2014 at 2:02 PM, Steven Walling <steven.walling(a)gmail.com> wrote:

On Mon, Jul 21, 2014 at 1:20 PM, Jon Robson <jdlrobson(a)gmail.com> wrote:

MZMcBride

23 Jul 23 Jul

12:28 a.m.

Chris Steipp wrote:

...

I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.

Please no. There's been a dedicated effort in 2014 to reduce the number of user preferences. They're costly to maintain and they typically indicate a design flaw: software should be sensible by default and a user preference should only be a tool of last resort. The general issue of user preferences-creep remains particularly acute as global (across a wikifarm) user preferences still do not exist. Of course in this specific case, given the relationship with CentralAuth, you probably could actually have a wikifarm-wide user preference, but that really misses the larger point that user preferences should be avoided, if at all possible. I'll start a new thread about my broader thoughts here. MZMcBride

Chris Steipp

3:45 p.m.

On Tuesday, July 22, 2014, MZMcBride <z(a)mzmcbride.com> wrote:

...

Chris Steipp wrote:

I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.

I think we have too many preferences also, no disagreement there. But like Risker, I too want to always destroy all my sessions when I logout (mostly because I log in and out of accounts a lot while testing, and I like knowing that applies to all the browsers I have open). So I'm biased towards thinking this is preference worthy, but I do think it's one of those things that if it doesn't behave as a user expects, they're going to think it's a flaw in the software and file a bug to change it. I'm totally willing to admit the expectations I have are going to be the minority opinion. If it's a very, very small number of us, then yeah, preference isn't needed, and we can probably get by with a gadget. Your proposal for account info and session management is good too. I hope someone's willing to pick that up.

...

MZMcBride _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org <javascript:;> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Krinkle

6:01 p.m.

I think generally user's expectation (and imho desirable behaviour in general[1]) is that logging out one session, does not affect other sessions. However I think it's a valid use case to be able to invalidate other sessions remotely (e.g. you lost control over the device or it's inconvenient to get at), as well as being able to invalidate all other sessions (paranoia, convenience, clean slate, or " I can't remember what device that bloke had when I needed to check my e-mail and forgot to log out"). Both Gmail and Facebook currently implement systems like this. On Gmail, you have a footnote "Last account activity: <time ago>" with a details link providing an overview of all current sessions (basically extracted from session data associated with the session cookies set for your account). It shows the device type (user agent or, if not cookie based, the protocol, like IMAP/SMTP), the location and IP, and when the session was last active. It has an option to "Sign out all other session". On Facebook, the "Security Settings" feature has a section "Where You're Logged In" which is similar. Though slightly more enhanced in that it also allows ending individual sessions. They also have a section "Trusted Browsers" which is slightly different in that it lists sessions that are of the "Remember me" type and also lists authenticated devices that won't ask for two-step verification again. And the ability to revoke any of them. — Krinkle [1] E.g. not expectation based on previous negative experience with other sites. On 23 Jul 2014, at 16:45, Chris Steipp <csteipp(a)wikimedia.org> wrote:

...

On Tuesday, July 22, 2014, MZMcBride <z(a)mzmcbride.com> wrote:

Chris Steipp wrote:

I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.

MZMcBride _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org <javascript:;> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Tomasz Finc

30 Jul 30 Jul

8:23 p.m.

Lots of great discussion and ideas here. Who's up for taking this on as a challenge or mentoring someone to do it? --tomasz On Wed, Jul 23, 2014 at 11:01 AM, Krinkle <krinklemail(a)gmail.com> wrote:

...

On Tuesday, July 22, 2014, MZMcBride <z(a)mzmcbride.com> wrote:

Chris Steipp wrote:

I think this should be managed similar to https-- a site preference, and users can override the site config with a user preference.

MZMcBride _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org <javascript:;> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Antoine Musso

23 Jul 23 Jul

4:14 p.m.

Le 16/07/2014 03:52, Jon Robson a écrit :

...

Hello, I would use a system similiar to Github or Phabricator. When you log out, it only invalidate your current browser session. Then in you preference you have a list of all valid sessions which which you can manually invalidate. On Github that is under Settings -> Security https://github.com/settings/security That shows me: == Sessions == This is a list of devices that have logged into your account. Revoke any sessions that you do not recognize. Nantes: some IP Safari on OS X 10.9.4 Location: Nantes, France Signed in: May 26, 2014 That gives enough information to identify the sessions and invalidate them if needed. We could add a tab to Special:Preferences. An interesting feature on Github is the security history which listnew sessions and from where I logged on. Might be worth a look at. The same goes on for Phabricator, if you are logged in: http://fab.wmflabs.org/settings/panel/sessions/ Gives me a table such as: +--------+-------+----+---------------------+------------+ |Identity|Session|Type|Created |Expires | +--------+-------+----+---------------------+------------+ |hashar |abcdef |web |Apr 29 2014, 7:54 AM |Tue, Aug 19 | +--------+-------+----+---------------------+------------+ There are less informations than on Github though. -- Antoine "hashar" Musso

3593

days inactive

3607

days old

wikitech-l@lists.wikimedia.org

Manage subscription

20 comments

13 participants

tags (0)

participants (13)

Antoine Musso
Chris Steipp
Greg Grossmeier
Isarra Yos
Jasper Deng
Jon Robson
Krinkle
MZMcBride
Ricordisamoa
Risker
Steven Walling
Tomasz Finc
Tyler Romeo