Last modified: 2013-03-25 14:52:20 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T36455, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 34455 - For version 1.16+:: With Apache 2.2 :: Session Hijacking or Cookie error in IE
For version 1.16+:: With Apache 2.2 :: Session Hijacking or Cookie error in IE
Status: NEW
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.18.x
All Linux
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-16 20:08 UTC by awhizle
Modified: 2013-03-25 14:52 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description awhizle 2012-02-16 20:08:03 UTC 
Within Apache2 configuration files (mine are /etc/apache2/sites-available/example).

If you use a ServerName value with underscore characters or capitalization you will get one of two errors: 

1) "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again"

2) ""Login error <wiki name> uses cookies to log in users. You have cookies disabled. Please enable them and try again."

This will occur when trying to login as any user, even with a session.save_path value explicitly set in LocalSetttings.php.

This only occurs in IE 8 and 9 (did not test older versions)

I also tested with Firefox 9.01 and Google Chrome 16.0.912.77, both of these browsers worked with login.
Comment 1 Brion Vibber 2012-02-16 20:15:21 UTC 
Sounds like a config error; IIRC underscores are forbidden in hostnames, and capitals are just trouble...?
Comment 2 Mark A. Hershberger 2012-02-16 21:19:20 UTC 
From  http://domainkeys.sourceforge.net/underscore.html

  Host names are not allowed to have underscores in them. In DNS, host names are
  the name fields of A or MX records or the data fields of the SOA and NS
  records. Thus, there are many DNS entries that are not hostnames. Underscores
  allowed, except in host names."
Comment 3 awhizle 2012-02-17 20:02:49 UTC 
Regardless the RFC docs, the page loaded correctly and my internal DNS allowed me to add the host with the underscore. Everything worked on the wiki (editing, blocking anonymous edits, ect) except the login section. Bad config or not the error message was not descriptive enough and instead a catchall error message that doesn't even apply to the issue was being used.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links