[Mediawiki-l] Multiple wikis - dealing with cookies
Joshua Yeidel
yeidel at wsu.edu
Tue Mar 28 18:43:05 UTC 2006

Just to be sure this is in perspective: by default each wiki writes a
separate cookie that is named with the wiki DB name. The collision I
describe below would take place _only_ if, as suggested earlier, wikis were
to use the _same_ user cookie.
-- Joshua

On 3/27/06 5:17 PM, "Joshua Yeidel" <yeidel at wsu.edu> wrote:
> It's not clear that multiple MediaWikis _can_ share the same user cookie if
> you are using the login code as-shipped.
>
> Each wiki has its own user table and its own user tokens. If you log in to
> one wiki (say, "W1"), it puts a token in your cookie and writes it in its W1
> user table. When you go to another wiki ("W2"), it checks your token from
> the cookie and ... doesn't find it in _its_ user table. When the token is
> not found, you are not considered to be logged in. So you have to log in to
> W2. W2 generates a new token, and writes the token in the cookie. Now
> suppose you go back to W1. W1 checks your token from the cookie -- but the
> new W2 token isn't in _its_ (W1) user table. So you have to log in again to
> W1.
>
> Mashing the code to use the same user table for different wikis is well
> beyond _my_ appetite for punishment, but you may feel differently.
>
> If you really want single signon, check out Gregory Szorc's comments earlier
> today (as replayed by Matt England):
>
> At 3/25/2006 11:30 AM, Gregory Szorc wrote:
>> There are multiple ways to implement single sign-on (SSO). The way you
>> describe, a user goes to a URL, signs in, and gets logged in to other
>> applications right there and then using HTTP calls on behalf of a
>> user. This is pretty insecure and a pain to implement. It also doesn't
>> scale very well.
>>
>> Another way to implement single sign-on is with a single sign-on server,
>> which has a single sign-on protocol. When a user logs in to any
>> application using SSO, they get whisked away to the SSO server. If they
>> aren't logged in to the server, they get prompted for their
>> credentials. When they are logged in, they get signed in to the desired
>> application.
>>
>> As for SSO servers, I recommend CAS
>> (http://www.ja-sig.org/products/cas/). It has clients for almost every
>> language, including PHP, and the protocol is simple enough to create
>> clients in other languages. I have successfully deployed MediaWiki behind
>> it. It shouldn't be difficult getting it to work with the other
>> applications either.
>>
>> Gregory Szorc
>> gregory.szorc at case.edu
>
>
> -- Joshua
>
> On 3/24/06 2:18 PM, "Sy Ali" <sy1234 at gmail.com> wrote:
>
>> I've got some issues with multiple wikis timing out and forcing
>> multiple logins throughout the day. They're all hosted on the same
>> machine in different subdirectories (for various reasons).
>>
>> I do recall that there is some functionality to tweak how these wikis
>> create their cookies.. in theory they could all share the same one.
>> I'm not sure where to begin looking for the answers so I thought I'd
>> ask.
>> _______________________________________________
>> MediaWiki-l mailing list
>> MediaWiki-l at Wikimedia.org
>> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
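
A toy model of the cookie collision described in this thread, added here as an example; it is not MediaWiki's login code and not something any participant posted. The `Wiki` class, the `SharedToken` cookie name and the `Token` suffix on the per-database cookie name are constructed for illustration.

```python
import secrets


class Wiki:
    """One wiki with its own user table and its own login tokens (toy model)."""

    def __init__(self, db_name, cookie_name=None):
        self.db_name = db_name
        # Default from the thread: the cookie is named with the wiki DB name.
        # The "Token" suffix is an assumption of this sketch.
        self.cookie_name = cookie_name or f"{db_name}Token"
        self.user_table = {}  # user name -> token this wiki last issued

    def login(self, browser, user):
        """Issue a fresh token, store it in this wiki's table and in the cookie."""
        token = secrets.token_hex(16)
        self.user_table[user] = token
        browser[self.cookie_name] = (user, token)

    def is_logged_in(self, browser):
        """The cookie token must match the token in *this* wiki's user table."""
        user, token = browser.get(self.cookie_name, (None, None))
        if user is None:
            return False
        return secrets.compare_digest(self.user_table.get(user, ""), token)


def count_logins(visits, user="alice"):
    """Walk through the visited wikis with one browser; count forced logins."""
    browser = {}  # cookie name -> (user, token)
    logins = 0
    for wiki in visits:
        if not wiki.is_logged_in(browser):
            wiki.login(browser, user)
            logins += 1
    return logins


def demo():
    """Alternate W1, W2, W1, W2, W1, W2 with a shared and with separate cookies."""
    shared = [Wiki("w1", "SharedToken"), Wiki("w2", "SharedToken")]
    separate = [Wiki("w1"), Wiki("w2")]
    pattern = [0, 1, 0, 1, 0, 1]
    return (count_logins([shared[i] for i in pattern]),
            count_logins([separate[i] for i in pattern]))


if __name__ == "__main__":
    print("logins (shared cookie, separate cookies):", demo())
```

With one shared cookie every visit overwrites the other wiki's token and forces a new login; with a cookie per database each wiki is logged in to once.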