Page MenuHomePhabricator

Links in mail notifications should ensure that recipient user is logged in as themselves
Open, LowPublicFeature

Description

Mail notifications have a short disclaimer:

There will be no other notifications in case of further activity unless
you visit this page while logged in. [...]

However, the links in the notification do not ensure that a logout or a login under a different username is noticed by a reasonably attentive user.

I would like to see the links:

https://en.wikipedia.org/w/index.php?title=Page_title&diff=0&oldid=4711

changed to:

https://en.wikipedia.org/w/index.php?title=Page_title&diff=0&oldid=4711&requser=Username

adding a parameter "requser" to index.php.

The semantics would be that if "requser" is set and there is no user logged in or its username is different to the value of "requser", the page would link/redirect to a Special:UserLogin (&returnto=...&returntoquery=...) instead with a banner: "The link you followed suggested that you should be logged in as 'Username', for example to keep your watchlist up to date. You can either log in now or view the requested page (logged out|under your current log in)."

Details

Reference
bz60448

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 3:03 AM
bzimport added a project: MediaWiki-Email.
bzimport set Reference to bz60448.
bzimport added a subscriber: Unknown Object (MLST).
Tacsipacsi renamed this task from Links in mail notifications should ensure that recipient user is logged in as himself to Links in mail notifications should ensure that recipient user is logged in as themselves.Dec 23 2021, 12:26 AM
Tacsipacsi changed the subtype of this task from "Task" to "Feature Request".
Tacsipacsi updated the task description. (Show Details)
Tacsipacsi subscribed.