Last modified: 2007-01-24 17:19:53 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 8751 - session cookies do not follow $wfCookieSecure
session cookies do not follow $wfCookieSecure
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
PC Windows XP
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-24 10:59 UTC by ekb87ds02
Modified: 2007-01-24 17:19 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Patch to fix bug (860 bytes, patch)
2007-01-24 11:00 UTC, ekb87ds02
Details

Description ekb87ds02 2007-01-24 10:59:44 UTC
There's a setting, $wfCookieSecure, that determines whether the cookies used by
mediawiki are supposed to be https only. This setting is not honored for the
session cookie. The interface to do that is new in PHP 4.2.0; as mediawiki now
requires PHP 5, it can be enabled.

Note that there is a similar bug 4731 for the httponly parameter, but that is
new in PHP 5.2 so it might be undesirable to enable that.

See also

http://www.php.net/manual/en/function.session-set-cookie-params.php
Comment 1 ekb87ds02 2007-01-24 11:00:10 UTC
Created attachment 3132 [details]
Patch to fix bug
Comment 2 Brion Vibber 2007-01-24 17:19:53 UTC
Whoops, good catch!

Fixed in r19636

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links