Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/288047
Change subject: Set force-use flag when not using cookies to store the session
ID
......................................................................
Set force-use flag when not using cookies to store the session ID
See core patch I8c6fab2ec for the rationale. This is safe without the
core patch, it just won't fix the bug without it.
Change-Id: Ie5976d4c51d7f5220cce6b2c12531b2a09a39791
---
M api/MWOAuthSessionProvider.php
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/47/288047/1
diff --git a/api/MWOAuthSessionProvider.php b/api/MWOAuthSessionProvider.php
index a6c193a..889d131 100644
--- a/api/MWOAuthSessionProvider.php
+++ b/api/MWOAuthSessionProvider.php
@@ -125,9 +125,11 @@
$wiki,
) ) );
$persisted = false;
+ $forceUse = true;
} else {
$id = $this->getSessionIdFromCookie( $request );
$persisted = $id !== null;
+ $forceUse = false;
}
return new SessionInfo( SessionInfo::MAX_PRIORITY, array(
@@ -135,6 +137,7 @@
'id' => $id,
'userInfo' => UserInfo::newFromUser( $localUser, true ),
'persisted' => $persisted,
+ 'forceUse' => $forceUse,
'metadata' => array(
'key' => $accesstoken->key,
'rights' => \MWGrants::getGrantRights(
$access->get( 'grants' ) ),
--
To view, visit https://gerrit.wikimedia.org/r/288047
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie5976d4c51d7f5220cce6b2c12531b2a09a39791
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
