[Mediawiki-l] User can't stay logged in
penningj at engr.orst.edu
Mon Feb 7 15:56:18 UTC 2005
Thank you so much. I started thinking that I was going crazy. I'll look
into the session handling functions and see what I can do about
security. I wonder why SF would have such security issues. I'll
especially remember your advice about database passwords and session files.
Brion Vibber wrote:
> Jonathan Pennington wrote:
>> I'm trying to build a mediawiki page on the Sourceforge servers
>> (project: Pyarie). I've got the problem that whenever I log in, either
>> as an account or as WikiSysop, I can't stay logged in. If I go to
>> another page, it seems to log me out.
> Sourceforge's project web hosting provides very poor PHP support
> unfortunately. First, it's set up fairly insecurely, so remember that
> for instance any other Sourceforge user with a developer login can read
> your database password.
> Regarding sessions in particuar: the project web hosting is on a cluster
> of several servers, and they do not by default share session files. This
> means that when you open a login session, and then go to another page,
> the second page is probably loaded from a different server which doesn't
> see your session data. Load another page, maybe you hit the first server
> again, maybe you don't.
> You can create a directory in your project space and set the
> session.save_path configuration variable with ini_set() in your
> LocalSettings.php. This should allow sessions to work and be shared
> across servers, but note that other Sourceforge account holders will be
> able to read and probably write to your session data.
> -- brion vibber (brion @ pobox.com)
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
JW Pennington | My Mind Map:http://oregonstate.edu/~penningj/
Masters Student: Bioresource Engineering & Geosciences
Oregon State Univ., Wilkinson 017, Corvallis Or. 97331
"A computer without windows is like a dog
without bricks tied to its head."
More information about the MediaWiki-l