Brion Vibber wrote:
Note: I'm
running extensions/Auth_remoteuser.php to re-use HTTP AUTH in
the web server. I'm hoping that's not causing this problem?
Sounds like.
OK. I've tracked down where wfSpecialUserlogin is called -
includes/SpecialPage.php does it when executing a special page, but grep
wasn't finding it, because the function is looked up at run-time by name
from a value in a string!
So, I see wfSpecialUserlogin will create a session the very first time
you hit the Special:Userlogin page. However, with Auth_remoteuser.php
(since authentication is inherited from the webserver login, without a
separate MediaWiki login), the user never hits this page, and hence
never has a session setup.
For a simple fix, I'll modify Auth_remoteuser.php to do the same thing
that SpecialPage.php does:
if( !$wgCommandLineMode && !isset( $_COOKIE[session_name()] ) ) {
User::SetupSession();
}
However, I wonder if Auth_remoteuser.php shouldn't do something more
like below, so it automatically uses whatever code is in
wfSpecialUserlogin, rather than pasting it into the hook function...
if no session key:
if at Special:Userlogin page
display error
# whatever Userlogin wants to redirect back here after acces
args = "redirect_to=current_page"
force redirect to Special:Userlogin?args