Brion,

Thank you so much. I started thinking that I was going crazy. I'll look into the session handling functions and see what I can do about security. I wonder why SF would have such security issues. I'll especially remember your advice about database passwords and session files.

Cheers,
-John
Brion Vibber wrote:
Jonathan Pennington wrote:
I'm trying to build a mediawiki page on the Sourceforge servers (project: Pyarie). I've got the problem that whenever I log in, either as an account or as WikiSysop, I can't stay logged in. If I go to another page, it seems to log me out.
Sourceforge's project web hosting provides very poor PHP support unfortunately. First, it's set up fairly insecurely, so remember that for instance any other Sourceforge user with a developer login can read your database password.
Regarding sessions in particular: the project web hosting is on a cluster of several servers, and they do not by default share session files. This means that when you open a login session, and then go to another page, the second page is probably loaded from a different server which doesn't see your session data. Load another page, maybe you hit the first server again, maybe you don't.
You can create a directory in your project space and set the session.save_path configuration variable with ini_set() in your LocalSettings.php. This should allow sessions to work and be shared across servers, but note that other Sourceforge account holders will be able to read and probably write to your session data.
http://www.php.net/session
http://www.php.net/ini_set
-- brion vibber (brion @ pobox.com)
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
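
Added example, not part of the original thread: a LocalSettings.php fragment that sets session.save_path with ini_set() as described in the reply above, and logs when the shared directory's permission bits let other accounts read or write it. The path and the names `$sessionDir` and `checkSessionDir` are hypothetical placeholders.

```php
<?php
// Placeholder path (assumption): a directory in your own project space that
// every web server in the cluster sees at the same location.
$sessionDir = '/path/to/your/project/space/sessions';

// Return a list of human-readable findings about the session directory.
function checkSessionDir(string $dir): array
{
    $findings = [];
    if (!is_dir($dir)) {
        return ["directory does not exist: $dir"];
    }
    if (!is_writable($dir)) {
        $findings[] = "web server user cannot write to $dir";
    }

    clearstatcache(true, $dir);
    $mode = fileperms($dir) & 0777;

    // Read bit on the directory lets other accounts list the session files.
    // PHP's default file handler names them sess_<session id>, so a listing
    // alone reveals valid session ids.
    if ($mode & 0044) {
        $findings[] = sprintf('mode %04o: group/other can list session files', $mode);
    }
    // Write bit lets other accounts create, replace or delete session files.
    if ($mode & 0022) {
        $findings[] = sprintf('mode %04o: group/other can modify session files', $mode);
    }
    return $findings;
}

foreach (checkSessionDir($sessionDir) as $finding) {
    error_log("session.save_path check: $finding");
}

// This must run before the session is started, so that every server in the
// cluster reads and writes the same session files.
if (is_dir($sessionDir) && is_writable($sessionDir)) {
    ini_set('session.save_path', $sessionDir);
} else {
    error_log("session.save_path left at default; logins will not persist across servers");
}
```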