On Tue, 11 Oct 2011 22:40:22 +0000, Dan Nessett wrote:
On Tue, 11 Oct 2011 14:37:56 -0700, Brion Vibber
wrote:
On Tue, Oct 11, 2011 at 10:17 AM, Dan Nessett
<dnessett(a)yahoo.com>
wrote:
Thanks for your reply and for the clarification
about sessions not
associating with IP addresses. However, it seems unlikely that session
expiration is the problem.
Our wikis require login before users can do anything other than view
pages. However, when the situation I described previously occurs, the
user is able to edit pages and do anything else his permissions allow
when logged in. The problem appears to have something to do with the
way IP addresses are mapped to user names by the logging logic. That
is, the session is still active, but when entries are made in the
logs, the username is replaced either by the IP address of the request
or by the generic identifier "anonymous" (different behavior on
different wikis - probably a configuration issue, which I am
investigating).
Ok, my suspicion is on
<https://bugzilla.wikimedia.org/show_bug.cgi?id=28639>, fixed in the
1.16.5 security release in May: <
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011- May/000098.html
It looks like there may be some cases where session expiration (or
similar issues) might have left things in a state where the previous
user's permissions got kept but the other info got thrown away. This
would presumably allow edits etc to finish up, while recording them as
not a user id.
-- brion
Thanks. I will upgrade one of our wikis to 1.16.5 and see if that fixes
the problem. If so, I will upgrade the others.
Well, I upgraded one of our small wikis to 1.16.5. I don't know yet
whether it fixes the login session problem, but it seems to create
another problem. Atom feeds appear broken in 1.16.5. MW is inserting an
extraneous line feed into the response to the atom feed request. On
1.16.2, the response begins (for Recent Changes atom feed):
0000 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 <?xml version="1
0010 2e 30 22 3f 3e 0a 3c 3f 78 6d 6c 2d 73 74 79 6c .0"?>.<?xml-styl
0020 65 73 68 65 65 74 20 74 79 70 65 3d 22 74 65 78 esheet type="tex
0030 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 t/css"
On 1.16.5 it begins:
0000 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 .<?xml version="
0010 31 2e 30 22 3f 3e 0a 3c 3f 78 6d 6c 2d 73 74 79 1.0"?>.<?xml-sty
0020 6c 65 73 68 65 65 74 20 74 79 70 65 3d 22 74 65 lesheet type="te
0030 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 xt/css"
Notice the LF at the beginning on 1.16.5. This causes most browsers to
barf (interestingly, Safari 5.1 on a Mac doesn't). Here is the error
message from opera (which is more informative than the one from firefox):
XML parsing failed
XML parsing failed: syntax error (Line: 2, Character: 0)
Reparse document as HTML
Error:
XML declaration not at beginning of document
Specification:
http://www.w3.org/TR/REC-xml/
1:
2: <?xml version="1.0"?>
3: <?xml-stylesheet type="text/css"
href="http://ec.citizendium.org/
skins/common/feed.css?270"?>
4: <feed
xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
5: <id>http://ec.citizendium.org/wiki?
title=Special:RecentChanges&feed=atom</id>
I have filed a bug (
https://bugzilla.wikimedia.org/show_bug.cgi?
id=31783). Perhaps this bug is related to 19055, but it wasn't clear from
the description.
--
-- Dan Nessett