Merge lp:~paulgear/wordpress-teams-integration/no-openid-reset-on-logout into lp:wordpress-teams-integration
Proposed by
Paul Gear
Status: | Merged |
---|---|
Merged at revision: | 32 |
Proposed branch: | lp:~paulgear/wordpress-teams-integration/no-openid-reset-on-logout |
Merge into: | lp:wordpress-teams-integration |
Diff against target: |
28 lines (+0/-11) 1 file modified
openid-teams.php (+0/-11) |
To merge this branch: | bzr merge lp:~paulgear/wordpress-teams-integration/no-openid-reset-on-logout |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Paul Collins | lgtm | Approve | |
Review via email: mp+330051@code.launchpad.net |
To post a comment you must log in.
To summarise the no-longer-visible commit log:
Do not remove OpenID roles on logout
There is no guarantee that logout will be run anyway, and removing the roles is actively harmful, because it prevents an editor from attributing posts to an author after logout.
OpenID roles are reset to their current values on login, so there is no risk in this arrangement that a user will receive increased privileges due to their roles remaining while they are logged out.