On Mon, Mar 21, 2005 at 01:27:29PM -0800, Brion Vibber wrote:
Jaroslaw Fedevych (UALUG wrote:
Yes, but why in mediawiki-1.3.11, I have the same result when I'm using the canonical edit form? Tokens just fail to match. As well as some users get logged out right when they try to edit anything (cookies are ok on both server and clients), but I cannot reproduce this.
Sounds like a failure of PHP's session data. Make sure this is set up correctly; if you're on a server farm (such as SourceForge's project web space) PHP may be incorrectly configured to save session data onto the local hard drive where it won't be picked up by subsequent hits on other servers.
Well, well... It seems to pass wsEditToken for some articles, while for others it just fails to (I wrote a quick'n'dirty script which dumps the session).
I just don't know what can be reason for that. When you're calling editToken() for the first time it generates the token and saves it in the session, while upon subsequent calls it doesn't touch it. Truly, it is a mystery.
By the way, the script dumping the session does not use $_SESSION. It goes directly where PHP puts session files and reads the one for current session.
Could it be so that session data is silently destroyed and some values restored from cookies (I mean user login/password hash which stay there)?