Aaaah. Another gleaming example why developers have flat foreheads (imaging forehead being slapped with hand).
The reason that the img_auth was not working is because it was using a non-ssl session (http) while the primary wiki was using ssl (https). Ergo, when the images were refered to from the wiki, there were two different session cookies. Jack "Flathead" Pond > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Jack D. Pond > Sent: Tuesday, June 08, 2010 5:23 PM > To: 'MediaWiki announcements and site admin list' > Subject: [Mediawiki-l] img_auth no longer works > > > As of Monday, img_auth no longer works because (guessing) > when img_auth checks for user rights via: > > $title->userCanRead() > > The "user" is always anonymous ("not logged in"). > > Is it possible that webstart.php used to automatically "log > in" the user and make available groups via: > > $user->getEffectiveGroups() > > But in recent updates, this no longer occurs? > > Questions: > > 1) How would I get it to log in users? > 2) Would this present a possible xss issue? > 3) Was this inadvertant and can it be safely reversed? > > Thanks! > > jdpond > > > _______________________________________________ > MediaWiki-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
