[Mediawiki-l] MW seems to get confused when IP address of client machine changes while user is logged in
dnessett at yahoo.com
Thu Nov 10 18:08:13 UTC 2011
On Wed, 09 Nov 2011 15:26:07 -0800, Brion Vibber wrote:
> On Wed, Nov 9, 2011 at 2:50 PM, Dan Nessett <dnessett at yahoo.com> wrote:
>> > What problems remain other than the ones I noted previously as being
>> > known problems or expected behavior?
>> Documented in the bug report (comment 4).
> Ok so to confirm:
> * This is primarily about the bug we told you should be fixed by the
> session security fix in 1.16.5 if it's happening to you * You can't
> reproduce it on 1.16.5, but also can't reproduce it on 1.16.2 anymore?
> * You're trying to reproduce it exactly on 1.16.2 so you personally can
> confirm it is indeed fixed in 1.16.5
> * The loads of details about session info and behavior are just for you
> to log what's going on so you can identify the bug when you see it, and
> don't indicate any new issues.
> I've changed the summary on the bug to indicate that it's an old bug
> believed to be fixed in 1.16.5, and not something new or remaining that
> would require additional fixes.
> -- brion
That is a fair summary with some minor corrections.
+ The problem originally documented occurred on two of our wikis. The
evidence of it exists in their recent changes logs. However, I have been
unable to develop a procedure that will reliably reproduce the error. It
only occurs intermittently on the live wikis running 1.16.2. I moved one
of those wikis to 1.16.5 and so far the problem has not reoccurred.
+ I have been able to develop procedures that demonstrate other problems
with session management on 1.16.2, but so far those procedures do not
show a problem on 1.16.5. Since these problems arise intermittently, this
does not demonstrate categorically the absence of the problems on 1.16.5.
So, while it is probably safe to assume 1.16.5 fixes these problems, I
cannot state that with 100% certainty.
+ I am trying to reproduce the original problem exactly on 1.16.2 not
just for me personally. Documenting a procedure that reproduces the
problem helps others who run up against a session related problem to
determine if it is the same problem described in this bug ticket. So, the
detail is intended to help not only me, but others who run wikis
experiencing session management problems.
+ The ticket does indicate at least on new problems that probably
requires attention. Specifically, when a session times out and the user
accesses the wiki, the login status is incorrectly shown at the top of
the page until a additional page access (e.g., after a browser refresh).
I believe you have described how this problem might be solved.
-- Dan Nessett
More information about the MediaWiki-l