X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FDefaultSettings.php;h=c4833660d86b68ce3851b412670df7bef74c2bd1;hb=2dc621fd82000ccb968b4e747d793dde98f6749b;hp=a1a4067f565880be072de98ac9fa8090c0417683;hpb=2e37dc5b3cfcf0265e67903470d95e6f1f4f8d27;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index a1a4067f56..c4833660d8 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -5989,7 +5989,10 @@ $wgSessionName = false;
 
 /**
  * Whether to set a cookie when a user is autoblocked. Doing so means that a blocked user, even
- * after logging out and moving to a new IP address, will still be blocked.
+ * after logging out and moving to a new IP address, will still be blocked. This cookie will contain
+ * an authentication code if $wgSecretKey is set, or otherwise will just be the block ID (in
+ * which case there is a possibility of an attacker discovering the names of revdeleted users, so
+ * it is best to use this in conjunction with $wgSecretKey being set).
  */
 $wgCookieSetOnAutoblock = false;