[Mediawiki-l] Multiple wikis - dealing with cookies

Joshua Yeidel yeidel at wsu.edu
Tue Mar 28 01:17:50 UTC 2006


It's not clear that multiple MediaWikis _can_ share the same user cookie if
you are using the login code as-shipped.

Each wiki has its own user table and its own user tokens.  If you log in to
one wiki (say, "W1"), it puts a token in your cookie and writes it in its W1
user table.  When you go to another wiki ("W2"), it checks your token from
the cookie and ... doesn't find it in _its_ user table.  When the token is
not found, you are not considered to be logged in.  So you have to log in to
W2.  W2 generates a new token, and writes the token in the cookie.  Now
suppose you go back to W1.  W1 checks your token from the cookie -- but the
new W2 token isn't in _its_ (W1) user table.  So you have to log in again to
W1.

Mashing the code to use the same user table for different wikis is well
beyond _my_ appetite for punishment, but you may feel differently.

If you really want single signon, check out Gregory Szorc's comments earlier
today (as replayed by Matt England):

At 3/25/2006 11:30 AM, Gregory Szorc wrote:
>There are multiple ways to implement single sign-on (SSO).  The way you
>describe, a user goes to a URL, signs in, and gets logged in to other
>applications right there and then using HTTP calls on behalf of a
>user.  This is pretty insecure and a pain to implement.  It also doesn't
>scale very well.
>
>Another way to implement single sign-on is with a single sign-on server,
>which has a single sign-on protocol.  When a user logs in to any
>application using SSO, they get whisked away to the SSO server.  If they
>aren't logged in to the server, they get prompted for their
>credentials.   When they are logged in, they get signed in to the desired
>application.
>
>As for SSO servers, I recommend CAS
>(http://www.ja-sig.org/products/cas/).  It has clients for almost every
>language, including PHP, and the protocol is simple enough to create
>clients in other languages.  I have successfully deployed MediaWiki behind
>it.  It shouldn't be difficult getting it to work with the other
>applications either.
>
>Gregory Szorc
>gregory.szorc at case.edu


-- Joshua
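
A toy model of the token check described in the message above, added here as an illustration; it is not MediaWiki code and not from anyone in the thread. The class, the cookie names and the user "alice" are hypothetical. It counts login prompts over a W1, W2, W1 visit for three setups: one shared cookie with separate user tables, one shared cookie with a shared user table, and a separate cookie per wiki.

```python
import secrets


class Wiki:
    """Simplified wiki: a user table mapping user name -> current login token."""

    def __init__(self, name, user_table=None, cookie_name="wiki_token"):
        self.name = name
        self.user_table = {} if user_table is None else user_table
        self.cookie_name = cookie_name  # hypothetical cookie name

    def login(self, user, browser):
        # A fresh token is written to this wiki's user table and to the cookie,
        # replacing whatever another wiki stored under the same cookie name.
        token = secrets.token_hex(16)
        self.user_table[user] = token
        browser[self.cookie_name] = (user, token)

    def is_logged_in(self, browser):
        # Logged in only if the cookie's token matches this wiki's own table.
        user, token = browser.get(self.cookie_name, (None, None))
        stored = self.user_table.get(user)
        return stored is not None and secrets.compare_digest(stored, token)


def login_prompts(w1, w2, user="alice"):
    """Visit W1, W2, then W1 again with one browser; count forced logins."""
    browser, prompts = {}, 0
    for wiki in (w1, w2, w1):
        if not wiki.is_logged_in(browser):
            wiki.login(user, browser)
            prompts += 1
    return prompts


def run_scenarios():
    shared_table = {}
    return {
        # Same cookie, separate tables: each login invalidates the other wiki.
        "shared_cookie_separate_tables": login_prompts(Wiki("W1"), Wiki("W2")),
        # Same cookie, one user table: the token is found by both wikis.
        "shared_cookie_shared_table": login_prompts(
            Wiki("W1", shared_table), Wiki("W2", shared_table)),
        # One cookie per wiki: one login each, neither overwrites the other.
        "separate_cookies": login_prompts(
            Wiki("W1", cookie_name="w1_token"), Wiki("W2", cookie_name="w2_token")),
    }


if __name__ == "__main__":
    for scenario, prompts in run_scenarios().items():
        print(f"{scenario}: {prompts} login prompt(s)")
```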





On 3/24/06 2:18 PM, "Sy Ali" <sy1234 at gmail.com> wrote:

> I've got some issues with multiple wikis timing out and forcing
> multiple logins throughout the day.  They're all hosted on the same
> machine in different subdirectories (for various reasons).
> 
> I do recall that there is some functionality to tweak how these wikis
> create their cookies.. in theory they could all share the same one.
> I'm not sure where to begin looking for the answers so I thought I'd
> ask.