Topic on User talk:Enst80

Jump to navigation Jump to search

"First Save" session bug on MW 1.30 + Auth_RU 2.01

Revansx (talkcontribs)

@Enst80 @Otheus Hey guys, I'm in dire need of some help/insight on solving the "First Save" bug [0].

My system is:

  • RHEL7 with CA Policy Agent to ensure authenticated sessions via remote enterprise identity provider.
  • Mediawiki - 1.30.0 (830bb58)
  • Auth_remoteuser - 2.0.1 (0af2823)16:22, 24 April 2018

My Auth_remoteuser config is:

else                                   { $HTTP_AGENCYUID = null; }
$wgGroupPermissions['*']['autocreateaccount'] = true;
wfLoadExtension( 'Auth_remoteuser' );  
$wgAuthRemoteuserUserName = $HTTP_AGENCYUID;
$wgAuthRemoteuserUserPrefsForced = [
    'email'    => $HTTP_AGENCYEMAIL,
    'realname' => $HTTP_DISPLAYNAME

and an analysis of my session header is shown here:

The claim from this discussion [1] seems to be that the Auto Login module doesn't create a proper user session.

It is only after the user makes a "first save" attempt (which fails) that the user's session is fully established.

Please help!!! :-) -Rich



Enst80 (talkcontribs)

The uploaded patch should solve this problem ;-)

The bug caused the SessionManager to reset the session id on the first request and this in turn causes the response header to send a cookie session delete instead of cookie session id set. In total there were 4 differing session ids created (2 on the first request, 2 on the second request) and only the 4th id got used with the next request (3th and ongoing) then.

Reply to ""First Save" session bug on MW 1.30 + Auth_RU 2.01"