Last modified: 2014-03-14 14:13:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T34364, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 32364 - Logged in status incorrectly displayed after a PHP session timeout
Logged in status incorrectly displayed after a PHP session timeout
Status: NEW
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.16.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on: 31639
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-11 19:41 UTC by Dan Nessett
Modified: 2014-03-14 14:13 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Dan Nessett 2011-11-11 19:41:52 UTC
This bug was discovered while working on bug 32122
(https://bugzilla.wikimedia.org/show_bug.cgi?id=32122). In order to reproduce
it reliably, a developer must make the following changes to php.ini (this
should *not* be done on a production machine, since the settings force the PHP
garbage collector to run on every page access).

session.gc_probability = 100
session.gc_divisor     = 100
session.gc_maxlifetime = 60
session.save_path = <some directory writable by httpd>

login (DO NOT CHECK THE "REMEMBER ME" BOX).

Print the contents of the session file (this is most easily accomplished by deleting all session files before login, which will mean only one session file exists after login). The session contents will look something like:

wsUserID|i:1;wsToken|s:32:"895091d5eb444a89d6e29b679b4ec8ac";wsUserName|s:9:"WikiSysop";wsLoginToken|N;

+ Wait 60 seconds or more.

Refresh the page.

The login status line will show something like:

<username> My talk My preferences My watchlist My contributions Log out

where <username> indicates the name of the user who logged in. However, the session file will contain something like:

wsUserID|i:1;wsUserName|s:9:"WikiSysop";

This means the user is actually logged out. So the login status line is incorrectly displayed. If you refresh the page once again, the login status line correctly indicates the user is logged out.

In a post to Mediawiki-l (http://www.mail-archive.com/mediawiki-l@lists.wikimedia.org/msg08967.html), Brion Vibber indicates this problem would be fixed if the enhancement request in https://bugzilla.wikimedia.org/show_bug.cgi?id=31639 were implemented.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links