[Mediawiki-l] problem with session hijacking detection

Hanno Braun hanno at elrador.de
Sat Apr 2 13:02:55 UTC 2005


Hi!

I'm running MediaWiki 1.4.0 and have some problems:
* Editing doesn't work properly: If I hit "Save page" I get the preview 
page instead. If I try often enough it will work. This problem occurs 
only when I'm logged in.
* Rollback doesn't work properly: I get a message saying that there is 
a problem with my login session and that it was cancelled as a 
precaution against session hijacking. This problem can also be solved 
by trying often enough.
* Same for uploading.
* If I log in and don't activate the checkbox saying that the wiki 
should remember me across sessions I'm instantly logged out again if I 
load the next page.

I think the editing and logout problems are also related to the 
anti-session-hijacking mechanism, even if there's no error message 
saying this.

I'm not familiar with PHP or web programming in general but I figured 
out what the problem might be:
The wiki is hosted at Sourceforge.net. sf.net uses multiple 
apache-servers to serve web pages. When a page is requested an apache 
is selected by some kind of load balancing mechanism.
My theory is that the wiki thinks someone tries to hijack my session 
anytime the apache that serves my pages changes. This would also 
explain why retrying very often helps: If the same apache that 
processed my "edit page" request also processes my "save page" request 
the wiki detects nothing unusual and lets me save the page.

Has someone else experienced this problem and found a solution?
Maybe it is possible to deactivate the session hijacking detection 
somehow?

I would be very grateful if someone could help me.

regards,
Hanno


_____________________________

Elrador - An online role-playing game
http://elrador.de

Elrador Engine - create your own online game
http://elrador-engine.sf.net
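
The theory in the message above, modelled as an added example (not part of the original post and not MediaWiki's code). It assumes the wiki stores a per-session token on the server when the edit form is issued and compares it on save, and that each load-balanced web server keeps its own session store; the class, function names and routing picks are hypothetical.

```python
import hmac
import secrets


class Backend:
    """One web server behind the balancer, using the given session store."""
    def __init__(self, store):
        self.sessions = store  # session id -> {"edit_token": ...}

    def edit_form(self, sid):
        # Issue a per-session anti-forgery token and remember it server side.
        token = secrets.token_hex(16)
        self.sessions.setdefault(sid, {})["edit_token"] = token
        return token

    def save_page(self, sid, submitted):
        # Refuse the write unless the submitted token matches the stored one.
        expected = self.sessions.get(sid, {}).get("edit_token")
        if expected is None or not hmac.compare_digest(expected, submitted):
            return "rejected: session data lost"
        return "saved"


def run(backends, picks):
    """Replay edit -> save pairs; picks holds (edit_node, save_node) indexes."""
    sid = "constructed-session-id"
    results = []
    for edit_node, save_node in picks:
        token = backends[edit_node].edit_form(sid)
        results.append(backends[save_node].save_page(sid, token))
    return results


PICKS = [(0, 0), (0, 1), (1, 0), (1, 1)]  # constructed balancer decisions


def local_stores():
    return [Backend({}), Backend({})]  # each node keeps its own sessions


def shared_store():
    store = {}  # one store for all nodes (shared directory, database, cache)
    return [Backend(store), Backend(store)]


if __name__ == "__main__":
    print("local :", run(local_stores(), PICKS))
    print("shared:", run(shared_store(), PICKS))
```

With per-node stores only the requests that land on the same node twice succeed, which matches the "retry until it works" symptom; with a shared store the check passes every time without being disabled.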



