Last modified: 2008-06-05 14:52:34 UTC
When using CentralAuth SpecialUserlogin::onCookieRedirectCheck is useless:
* Consider you login without an appropriate session cookie set
* Your login succeeds and you get the appropriate UserId, UserName and session token
* You are then redirected using wpCookieCheck which will trigger a check on your session cookie
* Everything is ok so the UserLoginComplete will trigger
* As there is no proper session attached, $wgUser will contain an anonymous user. CentralAuthHooks::onUserLoginComplete will run on that
* CentralAuth will do undefined stuff and you will get the messsage 'You are now logged in to Meta as "83.81.x.y"'
Easy way to reproduce this behaviour:
* Use FireFox and install the "View Cookies" add-on
* Goto Special:Userlogin
* Delete your session cookie
The check works correctly for me for its primary purpose:
* Clear & disable cookies in browser
* put in username/pass and hit 'Log in'
Tested in Safari 3.1.
Yes, but not when you only clear your cookies after you've reached Special:Userlogin, but do not disable them. Should be extremely rare though.
*** Bug 14383 has been marked as a duplicate of this bug. ***
This problem arises, if user has been browsing the web with cookies disabled, then he goes to login page, enables cookies, enters his password and... fails.
Should be fixed in r35932