This bug is associated with a feature which prevents submission of forms by
offsite javascript. For example, if a hacker wanted a page deleted, they
could write some javascript, put it up on their website, then post a link to
it on the user talk page of an administrator. The bug involved makes some
unknown random event during an ordinary form submission appear essentially
identical to this abuse scenario.
-- Tim Starling
So this is what is going on when you get the message "rollback action
cancelled to prevent session hijacking"? Always wondered what was going on -
if it meant my account might have been compromised (I changed my password
after getting that message, just to be safe; always thought I should enquire
about what that meant).
Ian