Last modified: 2012-12-30 21:20:10 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T39241, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 37241 - Session data is lost when session is revived from token cookie
Session data is lost when session is revived from token cookie
Status: RESOLVED WONTFIX
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-31 11:10 UTC by Ryan Lane
Modified: 2012-12-30 21:20 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Ryan Lane 2012-05-31 11:10:48 UTC 
Any code path that stores things in the session is currently broken. When the session is revived from the token, a brand new session is created, but none of the old session information is added back to the new session.
Comment 1 Brion Vibber 2012-05-31 14:05:14 UTC 
Is this the "remember me" token cookie? It's not meant to preserve any particular session, but it meant to allow reestablishing a new session based on prior credentials.
Comment 2 Ryan Lane 2012-05-31 14:15:33 UTC 
Part of the prior credentials, in the case of LDAP auth, is a domain. If it doesn't get added back on to the session, bad things occur.
Comment 3 Tyler Romeo 2012-08-03 13:49:39 UTC 
Wouldn't it just be possible to re-populate the session upon it being restored? A good fix to allow this would be to call User::setCookies() from within User::loadFromSession(), that way all the same hooks for initializing the first session are still run.
Comment 4 Ryan Lane 2012-12-30 21:20:10 UTC 
I've handled this by repopulated the session when it's restored. I save any long-lived into needed in tables in my extension. It would be nice for MediaWiki to have this kind of functionality for extensions, but I don't see it happening. Closing this bug.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links