Last modified: 2012-12-30 21:20:10 UTC
Any code path that stores things in the session is currently broken. When the session is revived from the token, a brand new session is created, but none of the old session information is added back to the new session.
Is this the "remember me" token cookie? It's not meant to preserve any particular session, but it meant to allow reestablishing a new session based on prior credentials.
Part of the prior credentials, in the case of LDAP auth, is a domain. If it doesn't get added back on to the session, bad things occur.
Wouldn't it just be possible to re-populate the session upon it being restored? A good fix to allow this would be to call User::setCookies() from within User::loadFromSession(), that way all the same hooks for initializing the first session are still run.
I've handled this by repopulated the session when it's restored. I save any long-lived into needed in tables in my extension. It would be nice for MediaWiki to have this kind of functionality for extensions, but I don't see it happening. Closing this bug.