Please note that the session cookie name on WMF wikis has changed from <wiki>_session to <wiki>Session. That is, for example, enwiki_session to enwikiSession.
This was done in response to a security issue -- we had to find some way to rapidly cause all session IDs to be regenerated. Changing the cookie name was the simplest way to achieve that. More details should become available once we are sure that the security issue is fixed.
-- Tim Starling
Head's up that this has broken login for mobile - the varnish conf for mobilefrontend needs to be updated: https://gerrit.wikimedia.org/r/#/c/79837/
On Mon, Aug 19, 2013 at 9:14 PM, Tim Starling tstarling@wikimedia.orgwrote:
Please note that the session cookie name on WMF wikis has changed from <wiki>_session to <wiki>Session. That is, for example, enwiki_session to enwikiSession.
This was done in response to a security issue -- we had to find some way to rapidly cause all session IDs to be regenerated. Changing the cookie name was the simplest way to achieve that. More details should become available once we are sure that the security issue is fixed.
-- Tim Starling
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
https://www.mediawiki.org/wiki/API:Login#Construct_cookies probably needs to be updated - perhaps by removing the 'Construct cookies manually' part entirely (since that sounds like asking for trouble!)
On Tue, Aug 20, 2013 at 6:57 PM, Yuvi Panda yuvipanda@gmail.com wrote:
https://www.mediawiki.org/wiki/API:Login#Construct_cookies probably needs to be updated - perhaps by removing the 'Construct cookies manually' part entirely (since that sounds like asking for trouble!)
Max already implemented that idea in the time it took me to write this, apparently :)
https://www.mediawiki.org/w/index.php?title=API%3ALogin&diff=767549&...
wikitech-l@lists.wikimedia.org