[Mediawiki-l] MW seems to get confused when IP address of client machine changes while user is logged in

Dan Nessett dnessett at yahoo.com
Thu Nov 10 18:08:13 UTC 2011

On Wed, 09 Nov 2011 15:26:07 -0800, Brion Vibber wrote:

> On Wed, Nov 9, 2011 at 2:50 PM, Dan Nessett <dnessett at yahoo.com> wrote:
>> > What problems remain other than the ones I noted previously as being
>> > known problems or expected behavior?
>> Documented in the bug report (comment 4).
> Ok so to confirm:
> * This is primarily about the bug we told you should be fixed by the
> session security fix in 1.16.5 if it's happening to you * You can't
> reproduce it on 1.16.5, but also can't reproduce it on 1.16.2 anymore?
> * You're trying to reproduce it exactly on 1.16.2 so you personally can
> confirm it is indeed fixed in 1.16.5
> * The loads of details about session info and behavior are just for you
> to log what's going on so you can identify the bug when you see it, and
> don't indicate any new issues.
> I've changed the summary on the bug to indicate that it's an old bug
> believed to be fixed in 1.16.5, and not something new or remaining that
> would require additional fixes.
> -- brion

That is a fair summary with some minor corrections.

+ The problem originally documented occurred on two of our wikis. The 
evidence of it exists in their recent changes logs. However, I have been 
unable to develop a procedure that will reliably reproduce the error. It 
only occurs intermittently on the live wikis running 1.16.2. I moved one 
of those wikis to 1.16.5 and so far the problem has not reoccurred.

+ I have been able to develop procedures that demonstrate other problems 
with session management on 1.16.2, but so far those procedures do not 
show a problem on 1.16.5. Since these problems arise intermittently, this 
does not demonstrate categorically the absence of the problems on 1.16.5. 
So, while it is probably safe to assume 1.16.5 fixes these problems, I 
cannot state that with 100% certainty.

+ I am trying to reproduce the original problem exactly on 1.16.2 not 
just for me personally. Documenting a procedure that reproduces the 
problem helps others who run up against a session related problem to 
determine if it is the same problem described in this bug ticket. So, the 
detail is intended to help not only me, but others who run wikis 
experiencing session management problems.

+ The ticket does indicate at least on new problems that probably 
requires attention. Specifically, when a session times out and the user 
accesses the wiki, the login status is incorrectly shown at the top of 
the page until a additional page access (e.g., after a browser refresh). 
I believe you have described how this problem might be solved.


-- Dan Nessett

More information about the MediaWiki-l mailing list