Last modified: 2007-01-24 17:19:53 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T10751, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 8751 - session cookies do not follow $wfCookieSecure
session cookies do not follow $wfCookieSecure
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
PC Windows XP
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-24 10:59 UTC by ekb87ds02
Modified: 2007-01-24 17:19 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Patch to fix bug (860 bytes, patch)
2007-01-24 11:00 UTC, ekb87ds02
Details

Description ekb87ds02 2007-01-24 10:59:44 UTC
There's a setting, $wfCookieSecure, that determines whether the cookies used by
mediawiki are supposed to be https only. This setting is not honored for the
session cookie. The interface to do that is new in PHP 4.2.0; as mediawiki now
requires PHP 5, it can be enabled.

Note that there is a similar bug 4731 for the httponly parameter, but that is
new in PHP 5.2 so it might be undesirable to enable that.

See also

http://www.php.net/manual/en/function.session-set-cookie-params.php
Comment 1 ekb87ds02 2007-01-24 11:00:10 UTC
Created attachment 3132 [details]
Patch to fix bug
Comment 2 Brion Vibber 2007-01-24 17:19:53 UTC
Whoops, good catch!

Fixed in r19636

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links