Hi, I have a strange issue on my wiki. It may be server-related, but I really have no clue what it is; some pointers would help me locate and fix it.
I'm using Apache 1.3 branch, PHP 5.1, MySQL 4.0, MediaWiki 1.8.1 (French).
Some links generated by MediaWiki are like this in the HTML page:
http://domain.tld/wiki/Accueil?string_mediawiki__session=06bbf1b62b459866c6e...
Where "string" is my MySQL database and user name (both are the same).
Not all the time, and not all the links (only the [[wiki]] links, it seems). This bug appears from time to time; a page refresh may get rid of it.
Has anyone seen anything like this? Any ideas where it can come from?
Jérémie Bouillon wrote:
> Some links generated by MediaWiki are like this in the HTML page:
> http://domain.tld/wiki/Accueil?string_mediawiki__session=06bbf1b62b459866c6e...
> Where "string" is my MySQL database and user name (both are the same).
> Not all the time, and not all the links (only the [[wiki]] links, it seems). This bug appears from time to time; a page refresh may get rid of it.
> Has anyone seen anything like this? Any ideas where it can come from?
Looks like you've got a deprecated option in PHP's session management enabled.
The documentation says of session.use_trans_sid:
"URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example."
Since it's not safe, it's recommended to keep it off (it's off by default). To get rid of it, set session.use_trans_sid off in php.ini (or .htaccess, etc.).
See PHP's session documentation for settings here: http://www.php.net/session
-- brion vibber (brion @ pobox.com)
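One way to check from the outside that the setting is really off after the change, as an added example that is not part of the original thread: this Python script scans a rendered page for session IDs embedded in link URLs or hidden form fields. The function and class names, the session-name pattern and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Assumption: the session name is PHP's default "PHPSESSID" or ends in
# "_session", like the "string_mediawiki__session" parameter in the thread.
SESSION_NAME = re.compile(r"^PHPSESSID$|_session$", re.IGNORECASE)


class SessionLeakFinder(HTMLParser):
    """Records (tag, parameter name, location) for each session ID in markup."""

    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        # Case 1: the ID was appended to a URL's query string.
        for attr in ("href", "src", "action"):
            url = attrs.get(attr, "")
            query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
            for param, _value in query:
                if SESSION_NAME.search(param):
                    # Report the path only, so the ID itself is not copied around.
                    self.leaks.append((tag, param, url.split("?", 1)[0]))
        # Case 2: the ID was added to a form as a hidden field.
        if tag == "input" and attrs.get("type", "").lower() == "hidden":
            if SESSION_NAME.search(attrs.get("name", "")):
                self.leaks.append((tag, attrs["name"], "(hidden form field)"))


def find_session_leaks(html):
    finder = SessionLeakFinder()
    finder.feed(html)
    finder.close()
    return finder.leaks


# Constructed sample page; the session ID value is made up.
SAMPLE = """
<a href="/wiki/Accueil?string_mediawiki__session=0123456789abcdef">Accueil</a>
<a href="/index.php?title=Accueil&amp;action=edit">Modifier</a>
<form action="/index.php"><input type="hidden" name="PHPSESSID" value="0123456789abcdef"></form>
"""

if __name__ == "__main__":
    for tag, param, where in find_session_leaks(SAMPLE):
        print(f"<{tag}> carries session parameter {param!r}: {where}")
```

Because the thread reports that the problem appears only from time to time, a single clean page is not proof; run the check over several fetches of the same page.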
Brion Vibber wrote:
> Looks like you've got a deprecated option in PHP's session management enabled. The documentation says of session.use_trans_sid:
> <snip>
Thanks Brion, that seems to be the problem since a phpinfo() clearly shows session.use_trans_sid set to 1, not the default.
I'm going to have a little chat with my host and a hammer, thanks a lot :)
mediawiki-l@lists.wikimedia.org