Last modified: 2013-02-27 23:16:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T25247, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 23247 - Session garbage collection causes OpenID login failure
Session garbage collection causes OpenID login failure
Status: RESOLVED INVALID
Product: MediaWiki extensions
Classification: Unclassified
OpenID (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: T. Gries
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-19 16:20 UTC by Craig Box
Modified: 2013-02-27 23:16 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Craig Box 2010-04-19 16:20:17 UTC 
It is my understanding that if you tick the "Remember my login on this computer" when you log in normally, your login session should last as long as $wgCookieExpiration (default 30 days).

On my wiki, regardless of the length of time my cookie is set for, PHP's garbage collection (or Debian's cron script) will remove PHP sessions older than gc_maxlifetime, which causes the user to need to log in again - by default, after 1 hour.  Not popular in my office!

It strikes me that there is a dependence on information on the session which would normally be stored in cookies, and there is a bug here - at the very most you should get the MW "Your session has expired" error message if your session were garbage collected.
Comment 1 Sergey Chernyshev 2010-04-21 14:44:31 UTC 
I think one solution will be to adjust garbage collector not to remove session data more often then $wgCookieExpiration or use memcached or APC for session storage so it's not garbage collected.

Another solution would be the one you suggested on a mailing list - to use cookie to store long term login flag and attempt immediate OpenID login in cases when session information is lost.
Comment 2 Siebrand Mazeland 2011-05-16 09:54:38 UTC 
Mass maintainer change.
Comment 3 T. Gries 2013-02-27 23:16:01 UTC 
I never saw this problem. Pls. reopen, if you still have this problem, and indicate then the exact git version numbers of your mediawiki core and the openid extension.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links