For some reason, userprefs.cgi generates one or two session tokens per page, and even an api_token! There is no reason for that. First of all, it shouldn't generate an api_token at all, and secondly, it should reuse an existing session token as it's generated using issue_session_token('edit_user_prefs'), i.e. that it's page independant and doesn't depend on any external data.
Summary: userprefs.cgi generates way too any session tokens → userprefs.cgi generates way too many session tokens
(In reply to Frédéric Buclin from comment #0) > it shouldn't generate an api_token at all an api_token is required for user autocompletion on the email tab.
You need to log in before you can comment on or make changes to this bug.