Last modified: 2014-06-17 22:39:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T65605, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 63605 - Ignore expired cookie
Ignore expired cookie
Status: RESOLVED FIXED
Product: Pywikibot
Classification: Unclassified
General (Other open bugs)
compat-(1.0)
All All
: Highest critical
: ---
Assigned To: JuneHyeon Bae (devunt)
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-07 06:06 UTC by JuneHyeon Bae (devunt)
Modified: 2014-06-17 22:39 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description JuneHyeon Bae (devunt) 2014-04-07 06:06:26 UTC 
All un-localized title wiki pages response 302 redirect to https link due to forceHTTPS=deleted; expire=1970; cookie saved in login.data. but extactly https is not enabled and cause HTTPError for all pages.
Comment 1 Gerrit Notification Bot 2014-04-07 06:08:53 UTC 
Change 124285 had a related patch set uploaded by devunt:
Ignore expired cookies

https://gerrit.wikimedia.org/r/124285
Comment 2 xqt 2014-04-08 12:37:06 UTC 
Could you explain that bug a bit more and make an example. I cannot follow neither the bug nor the bugfix for it.
Comment 3 JuneHyeon Bae (devunt) 2014-04-09 00:11:11 UTC 
When I execute some scripts (ex: redirect.py broken), "pywikibot.exceptions.PageNotFound: Page http://uncyclopedia.kr/w/index.php?title=%ED%8A%B9%EC%88%98%EA%B8%B0%EB%8A%A5:BrokenRedirects&limit=500&useskin=monobook could not be retrieved. Check your family file." error appear in pywikibot-compat/pywikibot/comns/http.py. I traced error and the problem is "forceHTTPS=deleted" line in the pywikibot-compat/login-data/uncyclopedia-ko-DvtBot-login.data.
 When pywikibot request login, "Set-Cookie: forceHTTPS=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.uncyclopedia.kr; httponly" is included in the server response and saved to login.data file.
 In after, all requests are include "Cookie: forceHTTPS=deleted" value, server will response as 302 redirect "Location: http*s*://uncyclopedia.kr/w/index.php?title=%ED%8A%B9%EC%88%98%EA%B8%B0%EB%8A%A5:BrokenRedirects&limit=500&useskin=monobook" even SSL is disabled on server and client both. so HTTPError is appear and it processed as PageNotFound exeption wrongly.
 The problem is: When user login, and ssl is disabled, mediawiki set "forceHTTPS" cookie's value as "". And When we do setcookie("aaa", "");, PHP automatically set cookie "aaa" as expired, by setting value="deleted"; expire=date("Y-m-d H:i:s", 1);. Most browsers invalidate that cookie and works normally, but pywikibot-compat save that cookie without checking expire date. So that will be cause forceHTTPS=deleted cookie will included in all request. And mediawiki didn't check forceHTTPS cookie's value is "true", only check exists. So mediawiki thinks it should force https, and return 302 redirect to https page.
 This patch fix that problem by checking cookie's expire date.
Comment 4 Gerrit Notification Bot 2014-06-17 06:22:37 UTC 
Change 124285 merged by jenkins-bot:
Ignore expired cookies

https://gerrit.wikimedia.org/r/124285
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links