On Tue, 11 Oct 2011 22:40:22 +0000, Dan Nessett wrote:
On Tue, 11 Oct 2011 14:37:56 -0700, Brion Vibber wrote:
On Tue, Oct 11, 2011 at 10:17 AM, Dan Nessett dnessett@yahoo.com wrote:
Thanks for your reply and for the clarification about sessions not associating with IP addresses. However, it seems unlikely that session expiration is the problem.
Our wikis require login before users can do anything other than view pages. However, when the situation I described previously occurs, the user is able to edit pages and do anything else his permissions allow when logged in. The problem appears to have something to do with the way IP addresses are mapped to user names by the logging logic. That is, the session is still active, but when entries are made in the logs, the username is replaced either by the IP address of the request or by the generic identifier "anonymous" (different behavior on different wikis - probably a configuration issue, which I am investigating).
Ok, my suspicion is on https://bugzilla.wikimedia.org/show_bug.cgi?id=28639, fixed in the 1.16.5 security release in May: < http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-
May/000098.html
It looks like there may be some cases where session expiration (or similar issues) might have left things in a state where the previous user's permissions got kept but the other info got thrown away. This would presumably allow edits etc to finish up, while recording them as not a user id.
-- brion
Thanks. I will upgrade one of our wikis to 1.16.5 and see if that fixes the problem. If so, I will upgrade the others.
Well, I upgraded one of our small wikis to 1.16.5. I don't know yet whether it fixes the login session problem, but it seems to create another problem. Atom feeds appear broken in 1.16.5. MW is inserting an extraneous line feed into the response to the atom feed request. On 1.16.2, the response begins (for Recent Changes atom feed):
0000 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 <?xml version="1 0010 2e 30 22 3f 3e 0a 3c 3f 78 6d 6c 2d 73 74 79 6c .0"?>.<?xml-styl 0020 65 73 68 65 65 74 20 74 79 70 65 3d 22 74 65 78 esheet type="tex 0030 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 t/css"
On 1.16.5 it begins:
0000 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 .<?xml version=" 0010 31 2e 30 22 3f 3e 0a 3c 3f 78 6d 6c 2d 73 74 79 1.0"?>.<?xml-sty 0020 6c 65 73 68 65 65 74 20 74 79 70 65 3d 22 74 65 lesheet type="te 0030 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 xt/css"
Notice the LF at the beginning on 1.16.5. This causes most browsers to barf (interestingly, Safari 5.1 on a Mac doesn't). Here is the error message from opera (which is more informative than the one from firefox):
XML parsing failed
XML parsing failed: syntax error (Line: 2, Character: 0)
Reparse document as HTML Error: XML declaration not at beginning of document
Specification: http://www.w3.org/TR/REC-xml/
1: 2: <?xml version="1.0"?> 3: <?xml-stylesheet type="text/css" href="http://ec.citizendium.org/ skins/common/feed.css?270"?> 4: <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en"> 5: <id>http://ec.citizendium.org/wiki? title=Special:RecentChanges&feed=atom</id>
I have filed a bug (https://bugzilla.wikimedia.org/show_bug.cgi? id=31783). Perhaps this bug is related to 19055, but it wasn't clear from the description.