Last modified: 2012-04-12 13:55:22 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T33845, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 31845 - Anonymous users see sysop links due to UserID cookie
Anonymous users see sysop links due to UserID cookie
Status: RESOLVED DUPLICATE of bug 28639
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.16.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-20 15:33 UTC by Remco de Boer
Modified: 2012-04-12 13:55 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Remco de Boer 2011-10-20 15:33:56 UTC 
When the createaccount right has been reserved for sysops, regular users only see the 'login' link when they arrive at the wiki, not the 'login/create account' link.

I have encountered situations (not sure why, don't care much why either) in which some cookies lingered after a session expired. In particular, for a user with sysop rights the UserName and UserID cookies remained, while the session and Token cookies had disappeared. The problem here is the UserID cookie: whenever that cookie is present, the (now anonymous!) user is greeted with a 'login/create account' link instead of only a 'login' link. 

Steps to reproduce:

0. Set $wgGroupPermissions['*']['createaccount'] = false;
result: anonymous user sees "Login" link instead of "Login/Create account"

1. Log in as a user with sysop rights
2. Delete the "session" and "Token" cookies from your system. Ensure the "UserID" cookie remains.
3. Refresh the page (F5)
result: the (now anonymous) user sees "Login/Create account" link. Should be "Login". Note that, even though the wrong link is displayed, the user is still not able to create an account.

4. Delete the "UserID" cookie
5. Refresh the page (F5)
result: the (still anonymous) user correctly sees only the "Login" link again.
Comment 1 Brion Vibber 2011-10-20 20:45:28 UTC 
Did you upgrade to 1.16.5 which fixes known related problems?
Comment 2 Remco de Boer 2011-10-20 21:06:17 UTC 
No, I did not. I'll report back once I've tried.
Comment 3 Remco de Boer 2011-10-23 12:35:23 UTC 
1.16.5 fixes this issue. Thanks!
Comment 4 Remco de Boer 2011-10-23 12:39:50 UTC 

*** This bug has been marked as a duplicate of bug 28639 ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links