jenkins-bot has submitted this change and it was merged.
Change subject: Set force-use flag when not using cookies to store the session
ID
......................................................................
Set force-use flag when not using cookies to store the session ID
See core patch I8c6fab2ec for the rationale. This is safe without the
core patch, it just won't fix the bug without it.
Change-Id: Ie5976d4c51d7f5220cce6b2c12531b2a09a39791
---
M api/MWOAuthSessionProvider.php
1 file changed, 3 insertions(+), 0 deletions(-)
Approvals:
Gergő Tisza: Looks good to me, approved
jenkins-bot: Verified
diff --git a/api/MWOAuthSessionProvider.php b/api/MWOAuthSessionProvider.php
index a6c193a..889d131 100644
--- a/api/MWOAuthSessionProvider.php
+++ b/api/MWOAuthSessionProvider.php
@@ -125,9 +125,11 @@
$wiki,
) ) );
$persisted = false;
+ $forceUse = true;
} else {
$id = $this->getSessionIdFromCookie( $request );
$persisted = $id !== null;
+ $forceUse = false;
}
return new SessionInfo( SessionInfo::MAX_PRIORITY, array(
@@ -135,6 +137,7 @@
'id' => $id,
'userInfo' => UserInfo::newFromUser( $localUser, true ),
'persisted' => $persisted,
+ 'forceUse' => $forceUse,
'metadata' => array(
'key' => $accesstoken->key,
'rights' => \MWGrants::getGrantRights(
$access->get( 'grants' ) ),
--
To view, visit https://gerrit.wikimedia.org/r/288047
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie5976d4c51d7f5220cce6b2c12531b2a09a39791
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Gergő Tisza <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
