We only want to set the local user_token when we create the local
account. We don't want to invalidate all existing CentralAuth sessions
for the user just because they happened to visit a new wiki and get
an account auto-created.
This might also fix T136853. It looks like what's going on there is that
two jobs are both in this code path calling CentralAuth::resetAuthToken()
at the same time, leading to a race and one fails the CAS check.
Bug: T136834
Change-Id: I61b8253584a11a5b02f7ccb9efa0679cd2a822c6
private function setDefaultUserOptions( User $user, $useContextLang ) {
global $wgContLang;
- \MediaWiki\Session\SessionManager::singleton()->invalidateSessionsForUser( $user );
+ $user->setToken();
$lang = $useContextLang ? \RequestContext::getMain()->getLanguage() : $wgContLang;
$user->setOption( 'language', $lang->getPreferredVariant() );
$u->setEmail( $this->mEmail );
$u->setRealName( $this->mRealName );
- SessionManager::singleton()->invalidateSessionsForUser( $u );
+ $u->setToken();
Hooks::run( 'LocalUserCreated', [ $u, $autocreate ] );
$oldUser = $u;