On Mon, Oct 10, 2011 at 11:16 AM, Dan Nessett <dnessett(a)yahoo.com> wrote:
We have been experiencing problems with MW 1.16.2
related to logged in
users on client machines where the IP address changes. I have looked over
the Bugzilla reports but could not find anything obviously related.
If a user with a laptop logs into the wiki, puts the laptop to sleep,
moves to a different location and then attempts to continue processing,
the logs show his changes mapped to an IP address (or on one of our wikis
as anonymous), rather than his user name. A simple thought experiment
suggests the cookie presented to the wiki after the laptop move has a
different IP address than the request message. This confuses MW, giving
the user all his permissions (since he is logged in), but not properly
identifying the user's name in the logs.
Session cookies are not tied to IP addresses. Most likely, the session has
simply expired -- it won't make a difference whether you come back on a
different IP or the same one, expired session data will kill your login.
Note that in the case of session expiration, the caching workaround that we
perform on logout (setting a 'logged out at time X' cookie) doesn't work, so
you may initially see a couple page views that still look like you're logged
in. You should not see this confusion on the actual edit page itself -- this
won't be cached so should show you that you are not logged out.
Consider increasing PHP's session lifetime:
http://us2.php.net/manual/en/session.configuration.php#ini.session.gc-maxli…
the default is 1440 seconds (24 minutes), meaning that a session which
doesn't get touched for 24 minutes may get destroyed during garbage
collection.
It's also possible that there's something else in your system which
introduces an IP-address dependency for sessions, such as the session
encryption option in the suhosin plugin with some unsafe configuration
options used:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.session.chec…
-- brion