On Fri, Mar 21, 2014 at 2:27 PM, Arthur Richards <arichards@wikimedia.org> wrote:

(in prod, we at least used to use memcached to store session data, but dunno if this is still the case or if this is the case for betalabs). Anyways, there could be something wonky there causing token mismatch problems. This seems somewhat unlikely to me because if this were a problem, we would probably experience more issues on betalabs than we have been - but it certainly still seems possible.

Chris mentioned to me earlier that he pinged Coren about this on IRC - any followup yet, Chris?

Yes, I talked with Coren and hashar both briefly. We're using memcache in beta labs for session storage also. Neither Coren nor hashar had any further illumination.

So here's another question:

This code is in MF:

private function submitSettingsForm() {

$context = MobileContext::singleton();

$request = $this->getRequest();

if ( $request->getVal( 'token' ) != $context->getMobileToken() )

if the token in $request is always expected to be equal to the token in $context, then why does this if() statement even exist? Why do this check in the first place? Whatever this is guarding against seems to be actually happening.

-C