[MediaWiki-commits] [Gerrit] Another CentralAuth double cookie workaround - change (operations/puppet)

Fri, 28 Aug 2015 05:23:46 -0700 

JanZerebecki has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/234510

Change subject: Another CentralAuth double cookie workaround
......................................................................

Another CentralAuth double cookie workaround

There was still another cookie that if duplicated prevents login.

Bug: T109038
Change-Id: I0046aef6d8b294d9d079d778f72ee19e3085c751
---
M templates/varnish/text-frontend.inc.vcl.erb
1 file changed, 5 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/10/234510/1

diff --git a/templates/varnish/text-frontend.inc.vcl.erb 
b/templates/varnish/text-frontend.inc.vcl.erb
index 45f9ad9..9739e52 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -209,4 +209,9 @@
                // The exact format of the cookie-delete string is copied from 
examples of normal CA cookie deletes (e.g. for logouts?) seen in traffic logs
                header.append(resp.http.Set-Cookie, "centralauth_User=deleted; 
expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.wikidata.org; 
secure; httponly");
        }
+       // another variant with centralauth_Session (see 
https://phabricator.wikimedia.org/T109038#1581615 )
+       if(req.http.Host ~ "(?i)(^|\.)wikidata\.org$" && req.http.Cookie ~ 
"centralauth_Session.*centralauth_Session") {
+               // The exact format of the cookie-delete string is copied from 
examples of normal CA cookie deletes (e.g. for logouts?) seen in traffic logs
+               header.append(resp.http.Set-Cookie, 
"centralauth_Session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; 
path=/; domain=.wikidata.org; secure; httponly");
+       }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/234510
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0046aef6d8b294d9d079d778f72ee19e3085c751
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: JanZerebecki <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to