Last modified: 2014-03-14 14:13:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 32364 - Logged in status incorrectly displayed after a PHP session timeout
Logged in status incorrectly displayed after a PHP session timeout
Status: NEW
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.16.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on: 31639
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-11 19:41 UTC by Dan Nessett
Modified: 2014-03-14 14:13 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Dan Nessett 2011-11-11 19:41:52 UTC
This bug was discovered while working on bug 32122
(https://bugzilla.wikimedia.org/show_bug.cgi?id=32122). In order to reproduce
it reliably, a developer must make the following changes to php.ini (this
should *not* be done on a production machine, since the settings force the PHP
garbage collector to run on every page access).

session.gc_probability = 100
session.gc_divisor     = 100
session.gc_maxlifetime = 60
session.save_path = <some directory writable by httpd>

login (DO NOT CHECK THE "REMEMBER ME" BOX).

Print the contents of the session file (this is most easily accomplished by deleting all session files before login, which will mean only one session file exists after login). The session contents will look something like:

wsUserID|i:1;wsToken|s:32:"895091d5eb444a89d6e29b679b4ec8ac";wsUserName|s:9:"WikiSysop";wsLoginToken|N;

+ Wait 60 seconds or more.

Refresh the page.

The login status line will show something like:

<username> My talk My preferences My watchlist My contributions Log out

where <username> indicates the name of the user who logged in. However, the session file will contain something like:

wsUserID|i:1;wsUserName|s:9:"WikiSysop";

This means the user is actually logged out. So the login status line is incorrectly displayed. If you refresh the page once again, the login status line correctly indicates the user is logged out.

In a post to Mediawiki-l (http://www.mail-archive.com/mediawiki-l@lists.wikimedia.org/msg08967.html), Brion Vibber indicates this problem would be fixed if the enhancement request in https://bugzilla.wikimedia.org/show_bug.cgi?id=31639 were implemented.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links