[Mediawiki-l] Multiple wikis - dealing with cookies

Joshua Yeidel yeidel at wsu.edu
Tue Mar 28 18:43:05 UTC 2006


Just to be sure this is in perspective:  by default each wiki writes a
separate cookie that is named with the wiki DB name.  The collision I
describe below would take place _only_ if, as suggested earlier, wikis were
to use the _same_ user cookie.

-- Joshua



On 3/27/06 5:17 PM, "Joshua Yeidel" <yeidel at wsu.edu> wrote:

> It's not clear that multiple MediaWikis _can_ share the same user cookie if
> you are using the login code as-shipped.
> 
> Each wiki has its own user table and its own user tokens.  If you log in to
> one wiki (say, "W1"), it puts a token in your cookie and writes it in its W1
> user table.  When you go to another wiki ("W2"), it checks your token from
> the cookie and ... doesn't find it in _its_ user table.  When the token is
> not found, you are not considered to be logged in.  So you have to log in to
> W2.  W2 generates a new token, and writes the token in the cookie.  Now
> suppose you go back to W1.  W1 checks your token from the cookie -- but the
> new W2 token isn't in _its_ (W1) user table.  So you have to log in again to
> W1.
> 
> Mashing the code to use the same user table for different wikis is well
> beyond _my_ appetite for punishment, but you may feel differently.
> 
> If you really want single signon, check out Gregory Szorc's comments earlier
> today (as replayed by Matt England):
> 
> At 3/25/2006 11:30 AM, Gregory Szorc wrote:
>> There are multiple ways to implement single sign-on (SSO).  The way you
>> describe, a user goes to a URL, signs in, and gets logged in to other
>> applications right there and then using HTTP calls on behalf of a
>> user.  This is pretty insecure and a pain to implement.  It also doesn't
>> scale very well.
>> 
>> Another way to implement single sign-on is with a single sign-on server,
>> which has a single sign-on protocol.  When a user logs in to any
>> application using SSO, they get whisked away to the SSO server.  If they
>> aren't logged in to the server, they get prompted for their
>> credentials.   When they are logged in, they get signed in to the desired
>> application.
>> 
>> As for SSO servers, I recommend CAS
>> (http://www.ja-sig.org/products/cas/).  It has clients for almost every
>> language, including PHP, and the protocol is simple enough to create
>> clients in other languages.  I have successfully deployed MediaWiki behind
>> it.  It shouldn't be difficult getting it to work with the other
>> applications either.
>> 
>> Gregory Szorc
>> gregory.szorc at case.edu
> 
> 
> -- Joshua
> 
> 
> 
> 
> 
> On 3/24/06 2:18 PM, "Sy Ali" <sy1234 at gmail.com> wrote:
> 
>> I've got some issues with multiple wikis timing out and forcing
>> multiple logins throughout the day.  They're all hosted on the same
>> machine in different subdirectories (for various reasons).
>> 
>> I do recall that there is some functionality to tweak how these wikis
>> create their cookies.. in theory they could all share the same one.
>> I'm not sure where to begin looking for the answers so I thought I'd
>> ask.
>> _______________________________________________
>> MediaWiki-l mailing list
>> MediaWiki-l at Wikimedia.org
>> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
> 
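
The token collision described in this thread, modelled as an added example (not part of the original messages and not MediaWiki's own code). The `Wiki` class, the `Token` cookie suffix, the DB names and the visit sequence are assumptions made for illustration: each wiki keeps its own user table, and the only difference between the two runs is whether both wikis write to the same cookie name.

```python
import secrets

class Wiki:
    """Simplified model of one wiki: its own user table and its own tokens."""
    def __init__(self, db_name, cookie_prefix=None):
        # Default follows the thread: the cookie is named with the wiki DB name.
        self.cookie = (cookie_prefix or db_name) + "Token"  # hypothetical name
        self.user_table = {}  # user name -> current token

    def login(self, jar, user):
        token = secrets.token_hex(16)
        self.user_table[user] = token     # written to this wiki's table only
        jar[self.cookie] = (user, token)  # overwrites whatever that cookie held

    def is_logged_in(self, jar):
        user, token = jar.get(self.cookie, (None, None))
        stored = self.user_table.get(user)
        # A token issued by the other wiki is never in this wiki's table.
        return stored is not None and secrets.compare_digest(stored, token)

def count_logins(wikis, visits, user="alice"):
    """Walk the visits with one browser cookie jar; count forced logins."""
    jar, logins = {}, 0
    for name in visits:
        wiki = wikis[name]
        if not wiki.is_logged_in(jar):
            wiki.login(jar, user)
            logins += 1
    return logins

VISITS = ["W1", "W2", "W1", "W2", "W1"]  # constructed browsing sequence

def separate_cookies():
    # Default behaviour: one cookie per wiki, so one login per wiki.
    return count_logins({"W1": Wiki("w1db"), "W2": Wiki("w2db")}, VISITS)

def shared_cookie():
    # Both wikis forced onto one cookie name, user tables still separate.
    wikis = {"W1": Wiki("w1db", "shared"), "W2": Wiki("w2db", "shared")}
    return count_logins(wikis, VISITS)

if __name__ == "__main__":
    print("separate cookies:", separate_cookies(), "logins")
    print("shared cookie:   ", shared_cookie(), "logins")
```

With separate cookies the user logs in once per wiki; with the shared cookie every switch between W1 and W2 forces a fresh login, because each login overwrites the token the other wiki stored.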