-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/4/2011 3:58 PM, Platonides wrote:
That's strange. Do you have the language files up
to date?
I have no idea. I'm starting from a clean yet slightly tweaked copy of
the 1.18.0 code (I have a custom skin derived from MonoBook), and I made
sure to run maintenance/update.php to update my database during the
upgrade. I've also run maintenance/rebuildLocalisationCache.php, which
was requested when someone else was trying to debug my prior upgrade
issues. Beyond these steps, I've never had to "update my language
files" before.
Try manually going to the userlogin page in HTTPS and
submitting from
there. Does it work?
That's pretty much what I'm doing. I'm going to my wiki main page
(which by default is in HTTP mode), then clicking on the "log in" link
in the upper right corner. The browser sends its request in HTTP mode,
my mod_rewrite rules bounce the URL to HTTPS mode, and I get the secure
login form. Above the login form it states "You must have cookies
enabled to log in to The Official GPF Wiki." Attempting to log in from
here results in the error originally described.
I tried copying and pasting the URL into a separate tab in my browser
with the same results.
As stated previously, this worked fine in 1.17 and stopped working with
1.18.0.
If the cookie was originally set in http, it should
still be present in
https, though.
I don't have any cookies currently set for the wiki; it's been long
enough since my last login that those cookies have expired. However,
because of the mod_rewrite rule, the previous cookies should have been
set via HTTPS.
My observation in the past was that (in versions <= 1.17) MediaWiki
seemed to stay in HTTPS mode after login, which was fine by me since I
prefer keeping my logged in sessions secure. If I manually switched
back to HTTP mode after login (i.e. I edited the address bar to switch
the protocol back) it usually "forget" I was logged in, which would
imply that the cookies were being set HTTPS-only. However, I can't even
get that far now; now the cookies aren't being set at all. Looking at
the request and response exchange in Firebug, it doesn't look like
MediaWiki is even sending the Set-Cookie header.
I should also point out that I hacked my phpBB installation to also
perform secure logins like this, yet to keep normal activity (browsing,
posting, most non-admin, non-user control panel stuff) in HTTP. Never
had a problem here. My custom subscription code across the site works
fine as well, set while in HTTPS mode but readable via HTTP. And since
everything seemed to work fine in 1.17 and it broke as soon as I updated
to 1.18, I can't help but be suspicious that the new code may be at fault.
The only setting that might matter is if you have
$wgCookieSecure =
true; mediawiki is sending secure cookies through http, and your browser
is rejecting them.
$wgCookieSecure is set to the default, false. The only time I've ever
changed it was in trying to get the login to work post-update to 1.18.0,
and it seems to have no effect on my success. It doesn't work either way.
Is your wiki available somewhere?
It's publicly available in read-only mode; I'm the only one with admin
privileges, and nobody else has or can create a login. I've been
planning on taking on a few volunteer wiki-wranglers, but I haven't
started taking applications yet. You can take a look if you want, but
since you won't be able to log in anyway I don't know if that will help.
http://www.gpf-comics.com/wiki/
On 12/2/2011 9:18 PM, Steve VanSlyck wrote:
Great site, Jeff. I smiled at your last sentence. I
usually do
something stoopid both before AND after filing a bug report.
Thanks. I always hate having to post requests to bug trackers and
support mailing lists, as I always feel like I'm coming off about a 100
IQ points lower than reality. I've been on the other side of the
software support fence and I hate having to try and debug anything
remotely, because I hate having to treat someone looking for help like
they don't know what they're talking about. It's like a corollary of
Murphy's Law: If anything can be said to make you sound stupid, you
*will* say it.
- --
Jeff Darlington
General Protection Fault
http://www.gpf-comics.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk7cNEQACgkQVNMIBILmfwGcewCglkr7Ykh9Kl84fIm8Zqm954md
LaIAnjgnPwxmLZVbdFvPgneu+g2kaYF6
=GRxg
-----END PGP SIGNATURE-----