Topic on User talk:Enst80

Jump to navigation Jump to search

"First Save" session bug on MW 1.30 + Auth_RU 2.01

2
Revansx (talkcontribs)

@Enst80 @Otheus Hey guys, I'm in dire need of some help/insight on solving the "First Save" bug [0].

My system is:

  • RHEL7 with CA Policy Agent to ensure authenticated sessions via remote enterprise identity provider.
  • Mediawiki - 1.30.0 (830bb58)
  • Auth_remoteuser - 2.0.1 (0af2823)16:22, 24 April 2018

My Auth_remoteuser config is:

if(isset($_SERVER['HTTP_AGENCYUID'] )) { $HTTP_AGENCYUID = $_SERVER['HTTP_AGENCYUID'];} 
else                                   { $HTTP_AGENCYUID = null; }
$wgGroupPermissions['*']['autocreateaccount'] = true;
wfLoadExtension( 'Auth_remoteuser' );  
$wgAuthRemoteuserUserName = $HTTP_AGENCYUID;
$wgAuthRemoteuserUserPrefsForced = [
    'email'    => $HTTP_AGENCYEMAIL,
    'realname' => $HTTP_DISPLAYNAME
  ];

and an analysis of my session header is shown here:

The claim from this discussion [1] seems to be that the Auto Login module doesn't create a proper user session.

It is only after the user makes a "first save" attempt (which fails) that the user's session is fully established.

Please help!!! :-) -Rich

[0] https://www.mediawiki.org/wiki/Extension_talk:Auth_remoteuser#%22First_Save%22_bug_with_MW_1.30_and_AuthRU_2.0.2

[1] https://meta.wikimedia.org/wiki/User_talk:Otheus/Auto_Login_via_REMOTE_USER#First-Save_Bug

Enst80 (talkcontribs)

The uploaded patch https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/Auth_remoteuser/+/445775/ should solve this problem ;-)

The bug caused the SessionManager to reset the session id on the first request and this in turn causes the response header to send a cookie session delete instead of cookie session id set. In total there were 4 differing session ids created (2 on the first request, 2 on the second request) and only the 4th id got used with the next request (3th and ongoing) then.

Reply to ""First Save" session bug on MW 1.30 + Auth_RU 2.01"