jenkins-bot has submitted this change and it was merged.
Change subject: Set force-use flag from CentralAuthTokenSessionProvider
......................................................................
Set force-use flag from CentralAuthTokenSessionProvider
While this session provider already takes option 1 from I8c6fab2ec for
the most common case by including the CentralAuth token in the hashed
data, it's possible that a 'SessionCheckInfo' function might do
something to cause breakage here. So to be safe (and to set a good
example), set the force-use flag.
Change-Id: I407a8f86fce0df8fa803308666e71a4734c22cac
(cherry picked from commit 04cc78bba82d85db6cbab9681a244f0c8928109c)
---
M includes/session/CentralAuthTokenSessionProvider.php
1 file changed, 1 insertion(+), 0 deletions(-)
Approvals:
Gergő Tisza: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/session/CentralAuthTokenSessionProvider.php
b/includes/session/CentralAuthTokenSessionProvider.php
index d3da64e..727e786 100644
--- a/includes/session/CentralAuthTokenSessionProvider.php
+++ b/includes/session/CentralAuthTokenSessionProvider.php
@@ -124,6 +124,7 @@
'provider' => $this,
'id' => $this->hashToSessionId( join( "\n", $data ) ),
'persisted' => true,
+ 'forceUse' => true,
);
// Delete the token once it's actually used
--
To view, visit https://gerrit.wikimedia.org/r/288214
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I407a8f86fce0df8fa803308666e71a4734c22cac
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Gergő Tisza <[email protected]>
Gerrit-Reviewer: Legoktm <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
