Last modified: 2014-01-22 00:37:35 UTC
If a user gets renamed on a local wiki, their account for that wiki is detached from their global SUL account, which frees up their old username. However, if that user logs into their old username, whether from old browser information (old sessions, saved username/passwords, etc.) or from accidentally typing in their old username, SUL will quietly recreate their account for them, and they might continue editing without knowing that they're not using their new username. This can cause particular problems if their rename had a privacy aspect to it (e.g. they renamed themselves to remove their real name from their username). I would propose some sort of cooldown on SUL automatic creation of usernames that have been recently renamed locally to prevent these issues. See also bug 32647, which is related to logging these.
I have a few examples of this happening in the wild, but because of the aforementioned privacy issues, I'm reluctant to discuss them unless necessary. I can probably dig up some non-private examples, too, though.
This should be handled thru global rename procedures, imo: after a global rename, the source username is either (a) deleted or (b) forced to login again. More likely (a).
Well, my primary concern is the immediate privacy issues, wherein users that have gotten their real names removed from their usernames are inadvertently spreading their real names hither and thither. I agree that, once SUL finalization is...finalized...this ceases to be an issue, but until then (and last I checked, that date was still TBD), I think that this is a serious enough issue to warrant some kind of action. For clarity: the recreation cooldown should only apply locally (i.e. on the wiki where the user was renamed), not globally. It doesn't completely solve the problem, but it'll help. Forcing a re-login after a rename would also help, to a somewhat lesser extent (it might not cover the case where a browser autopoulates the username).
