Last modified: 2013-10-23 21:30:00 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T57978, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 55978 - Sessions don't work on non-loginwiki domains
Sessions don't work on non-loginwiki domains
Status: RESOLVED INVALID
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
master
All All
: Normal major with 2 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-21 21:52 UTC by Kudu
Modified: 2013-10-23 21:30 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Log showing incorrect behavior for a non-*.orain.org wiki (6.97 KB, application/octet-stream)
2013-10-21 21:52 UTC, Kudu 		Details
Log showing expected behavior on an *.orain.org wiki (2.48 KB, text/plain)
2013-10-21 21:54 UTC, Kudu 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Kudu 2013-10-21 21:52:33 UTC 
Created attachment 13535 [details]
Log showing incorrect behavior for a non-*.orain.org wiki

Demo:
1. Log in on any wiki on orain.org (e.g. meta.orain.org).
2. Go to any page on a non-orain.org wiki (e.g. wikiconstituciocatalana.cat).

I attached two logs, one showing normal behavior for an *.orain.org wiki and another showing incorrect behavior for a non-orain.org wiki.

Here is the original GitHub issue: https://github.com/Orain/ansible-playbook/issues/61
Here is our configuration (WIP): https://github.com/Orain/ansible-playbook/blob/master/roles/mediawiki/files/LocalSettings.php.j2
We're running CentralAuth 1.22wmf22 (3756064).
Comment 1 Kudu 2013-10-21 21:54:12 UTC 
Created attachment 13536 [details]
Log showing expected behavior on an *.orain.org wiki
Comment 2 Quim Gil 2013-10-22 16:59:38 UTC 
http://espiral.org is also hosted in Orain. I have asked several users to login, and the feedback is the same: they can login (even after resetting password etc) but they end up being pushed back as anonymous users again. The session won't stick.

What is weird is that I'm visiting and editing espiral.org as an identified user regularly. My session does stick, even after reboots or changing from a laptop to another.

But then I have the same problems than the rest when logging to http://wikiconstituciocatalana.cat - which is double weird.

fwiw I'm admin in both wikis. One difference is that I was already a user at espiral.org before it got imported to Orain, while Wikiconstitució was created from scratch as an Orain wiki. However, other Spiral users registered before the move are also finding login problems...
Comment 3 Addshore 2013-10-23 21:30:00 UTC 
So after a fair amount of detective work..
A CA token needs to be set for each domain on login (as with the wikimedia sites.)

Hence this fixed our problems https://github.com/Orain/ansible-playbook/commit/9e6336b059f42560e28104b6e04108007a3f86a5
(later altered to be a more dynamic fix for the future)

Previous to this a login on espiral would create a CA token for the orain.org domain.
espiral could not use this so it would then attempt to get a new CA token and session for espiral which it would do again, but again the CA token would remain under the orain.org domain not espiral.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links